Re: Exploit McAfee log files in a dashboard (Threa...

kvnpichon · ‎06-26-2020

Hi Splunkers,

I have a testing project in progress to create multiples security dashboards from Microsoft Windows endpoints.

For this one, I need to create a dashboard to display the threat detected on each device.

My issue is I have actually no control on the McAfee server but I have only the McAfee following log files (%ProgramData%\McAfee\Endpoint Security\Logs) :

EndpointSecurityPlatform_Activity.log
SelfProtection_Activity.log
AccessProtection_Activity.log
ThreatPrevention_Activity.log
ExploitPrevention_Activity.log
OnDemandScan_Activity.log

I added the files on the Spunk database but as I never get infected and I really don't know how the logs are working, I can't create my dashboard...

Do you have clues about how to detect threat/malware/virus within the previous files to be able to create my dashboard ?

Thanks,

Splunk experts are really rare.

Kevin

kvnpichon · ‎07-28-2020

Hello,

I really need your help guys.

I'm still looking for a solution to create this dashboard.

Thanks

Exploit McAfee log files in a dashboard (Threat Detection)

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

Exploit McAfee log files in a dashboard (Threat Detection)

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases