SEP Antivirus DAT versions in Splunk

udayk1
Path Finder

I have tried to get the list of endpoints and servers which are not updated with the latest AV DAT versions in the network; however, it seems there is no luck after executing the query. We are using SEP as the AV, and I want to get this as a pie chart or dashboard. But we are receiving normal logs from this server.


mreynov_splunk
Splunk Employee

richgalloway
SplunkTrust

Please provide some sample log entries and the query you've tried.

---
If this reply helps you, Karma would be appreciated.
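Since the thread does not show the actual SEP log format, here is an added SPL example (not from either poster) of one way to approach the original question: find each host's most recently reported definition revision, compare it with the newest revision seen anywhere in the index, and flag hosts that lag behind. The index, sourcetype and the field name `definition_version` are assumptions; substitute whatever field the SEP logs actually carry the definition revision in.

```spl
index=<your_sep_index> sourcetype=<your_sep_sourcetype> definition_version=*
| stats latest(definition_version) AS host_def, latest(_time) AS last_seen BY host
| eventstats max(host_def) AS newest_def
| eval status=if(host_def=newest_def, "current", "outdated")
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table host host_def newest_def last_seen status
```

Append `| where status="outdated"` to list only the hosts that need attention, or replace the final `table` with `| stats count BY status` to drive a pie chart. One caveat: `max()` orders non-numeric values lexicographically, so this only works if the revision field has a fixed-width, date-first layout (for example 20240521.003); any other format needs to be normalised with `eval` before the comparison.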