Dashboards & Visualizations

Exploit McAfee log files in a dashboard (Threat Detection)

kvnpichon
Path Finder

Hi Splunkers,

I have a testing project in progress to create multiples security dashboards from Microsoft Windows endpoints.

For this one, I need to create a dashboard to display the threat detected on each device.

My issue is I have actually no control on the McAfee server but I have only the McAfee following log files (%ProgramData%\McAfee\Endpoint Security\Logs) :

  • EndpointSecurityPlatform_Activity.log
  • SelfProtection_Activity.log
  • AccessProtection_Activity.log
  • ThreatPrevention_Activity.log
  • ExploitPrevention_Activity.log
  • OnDemandScan_Activity.log

I added the files on the Spunk database but as I never get infected and I really don't know how the logs are working, I can't create my dashboard...

Do you have clues about how to detect threat/malware/virus within the previous files to be able to create my dashboard ?

Thanks,

Splunk experts are really rare.

Kevin

Labels (1)
0 Karma

kvnpichon
Path Finder

Hello,

I really need your help guys.

I'm still looking for a solution to create this dashboard.

Thanks

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!