Splunk Cloud Platform

Tags used with Malware events

verifi81
Path Finder

Hi all.

I have Symantec Endpoint Protection Manager and am troubleshooting the Splunk Malware data model. I am trying to determine what exactly constitutes an event as malware.

I've already gone through this link about the CIM for malware, but it doesn't answer my question.

Basically, I have a minor risk event from SEP, but that event did not trigger in a correlation search which is searching from the data model "malware". I'll attach screenshots of the data model.

I'll attach a screenshot of the data model. I'm assuming my event didn't match because it was not tagged as malware as per the constraint of the dataset. My question is, where can I find the criteria of this tag? Hope that makes sense.


richgalloway
SplunkTrust

Go to Settings->Tags->List by tag name to see the definition of a tag.

---
If this reply helps you, Karma would be appreciated.


verifi81
Path Finder

That was it. Thanks!
