Splunk Enterprise Security

can some one help which CIM model maps to below event

Explorer

can you see if these events can fit into the Malware data model
LogName=Application
SourceName=Trend Micro OfficeScan Server
EventCode=800
EventType=3
Type=Warning
ComputerName=XXXXXXX.XXXXXX.com
User=NOT_TRANSLATED
Sid=S-1-5-18
SidType=0
TaskCategory=System
OpCode=None
RecordNumber=432219
Keywords=Classic
Message=C&C callback detected

Compromised Host: XXXXXX-XX93

IP Address: XX.XXX.19.XX

Domain: XXX prod-dba\

Date/Time: 1/2/2020 10:22:27

Callback address: xx.xxx.xx.43

C&C risk level: Dangerous

C&C list source: Relevance Rule
Action: Logged

0 Karma

Splunk Employee
Splunk Employee
0 Karma

Esteemed Legend

Yes, that event should be in the Malware datamodel.

0 Karma