Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to take mcafee virus scan and endpoint security version information into account?

SarahSplunk123
Explorer
‎04-09-2018 05:22 AM

Hello,

The EPOProdPropsView_VIRUSCAN fields are not present in the new version of McAfee : Endpoint Security replaces Virus Scan. Therefore, we cannot access the version data anymore, which is a problem for security logs analysis.
We have seen an answer which brings a partial solution to our problem:
https://answers.splunk.com/answers/626506/moving-from-mcafee-vse-to-ens.html
However, the two versions are currently being used, we need the query to take both into account.

Could the Splunk team who develops the McAfee addon update the query to take both versions into account?

Thanks

Best regards,

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...