Splunk Enterprise Security

incorrect query field of dat_version

quentinwl_chung
New Member

…….
[EPOEvents].[AnalyzerVersion] as [product_version],
[EPOEvents].[AnalyzerEngineVersion] as [engine_version],
[EPOEvents].[AnalyzerEngineVersion] as [dat_version],
[EPOProdPropsView_VIRUSCAN].[datver] as [vse_dat_version],
…….
Splunk reference:
http://docs.splunk.com/Documentation/AddOns/released/McAfeeEPO/ConfigureDBConnectv2inputs

Questions:
1) it should not be "AnalyzerEngineVersion" as dat_version, it should be "AnalyzerDATVersion"
So it should be
…….
[EPOEvents].[AnalyzerVersion] as [product_version],
[EPOEvents].[AnalyzerEngineVersion] as [engine_version],
[EPOEvents].[AnalyzerDATVersion] as [dat_version],
[EPOProdPropsView_VIRUSCAN].[datver] as [vse_dat_version],
…….

2) which field is exactly the latest virus signature of each client machine??

refer to https://answers.splunk.com/answers/560951/signature-version-seams-to-use-wrong-field.html
vse_dat_version is the signature version field?

0 Karma
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...