Splunk Cloud Platform

Tags used with Malware events

verifi81
Path Finder

Hi all.

I have Symantec Endpoint Protection Manager and troubleshooting the splunk Malware Datamodel. I am trying to determine what exactly constitutes an event as malware.

 I've already gone through this link about the CIM for malware but it doesn't answer my question. 

Basically I have a minor risk event from SEP but that event did not trigger in a correlation search which is  searching from a datamodel "malware".   I'll attach screenshots of the datamodel.

I'll attach a screenshot of the datamodel. I'm assuming my event didn't match because it was not tagged as malware as per the constraint of the dataset.  My question is, where can I find the criteria of this tag? Hope that makes sense.

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Go to Settings->Tags->List by tag name to see the definition of a tag.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

verifi81
Path Finder

That was it. Thanks!

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Go to Settings->Tags->List by tag name to see the definition of a tag.

---
If this reply helps you, an upvote would be appreciated.
0 Karma