Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Exploit McAfee log files in a dashboard (Threat Detection)

kvnpichon
Path Finder
‎06-26-2020 09:16 AM

Hi Splunkers,

I have a testing project in progress to create multiples security dashboards from Microsoft Windows endpoints.

For this one, I need to create a dashboard to display the threat detected on each device.

My issue is I have actually no control on the McAfee server but I have only the McAfee following log files (%ProgramData%\McAfee\Endpoint Security\Logs) :

  • EndpointSecurityPlatform_Activity.log
  • SelfProtection_Activity.log
  • AccessProtection_Activity.log
  • ThreatPrevention_Activity.log
  • ExploitPrevention_Activity.log
  • OnDemandScan_Activity.log

I added the files on the Spunk database but as I never get infected and I really don't know how the logs are working, I can't create my dashboard...

Do you have clues about how to detect threat/malware/virus within the previous files to be able to create my dashboard ?

Thanks,

Splunk experts are really rare.

Kevin

Labels (1)
Labels
0 Karma
Reply

kvnpichon
Path Finder
‎07-28-2020 12:57 AM

Hello,

I really need your help guys.

I'm still looking for a solution to create this dashboard.

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...