Knowledge Management

What is the difference between CIM malware attacks and Operations?

Champion

It corresponds to CIM, but there is a model that I do not understand well.
What is the CIM Malware Operation? Can you explain in detail?

0 Karma
1 Solution

SplunkTrust
SplunkTrust

Malware operations is about events/activities relating to 'scan', 'AV updates', scan started, scan completed etc.. that are not related to detecting an attack [ e.g. virus/malware/threat detected - they usually have a signature]. These events are to have tags : Malware, Operations as per data models.

View solution in original post

SplunkTrust
SplunkTrust

Malware operations is about events/activities relating to 'scan', 'AV updates', scan started, scan completed etc.. that are not related to detecting an attack [ e.g. virus/malware/threat detected - they usually have a signature]. These events are to have tags : Malware, Operations as per data models.

View solution in original post