Dashboards & Visualizations

Exploit McAfee log files in a dashboard (Threat Detection)

Path Finder

Hi Splunkers,

I have a testing project in progress to create multiples security dashboards from Microsoft Windows endpoints.

For this one, I need to create a dashboard to display the threat detected on each device.

My issue is I have actually no control on the McAfee server but I have only the McAfee following log files (%ProgramData%\McAfee\Endpoint Security\Logs) :

  • EndpointSecurityPlatform_Activity.log
  • SelfProtection_Activity.log
  • AccessProtection_Activity.log
  • ThreatPrevention_Activity.log
  • ExploitPrevention_Activity.log
  • OnDemandScan_Activity.log

I added the files on the Spunk database but as I never get infected and I really don't know how the logs are working, I can't create my dashboard...

Do you have clues about how to detect threat/malware/virus within the previous files to be able to create my dashboard ?


Splunk experts are really rare.


Labels (1)
0 Karma

Path Finder


I really need your help guys.

I'm still looking for a solution to create this dashboard.


0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...