I have a testing project in progress to create multiple security dashboards from Microsoft Windows endpoints.
For this one, I need to create a dashboard to display the threats detected on each device.
My issue is that I actually have no control over the McAfee server; I only have the following McAfee log files (%ProgramData%\McAfee\Endpoint Security\Logs):
I added the files to the Splunk database, but as I have never been infected and I really don't know how the logs work, I can't create my dashboard...
Do you have any clues about how to detect threats/malware/viruses within the above files so that I can create my dashboard?
Splunk experts are really rare.