Splunk Search

Seeking help to create a dashboard for Antivirus alerts in splunk

mputtam
Path Finder

Hi community,

Need your help! Is there any possibility that we can create a dashboard for AV-related issues or notables?

I was using the below query but couldn't get the exact results. Requesting you to help me create a dashboard for AV-related alerts for the servers.

| tstats summariesonly=true max(_time) AS time values(Malware_Attacks.file_name) AS fileName values(Malware_Attacks.signature) AS signature from datamodel=Malware.Malware_Attacks by Malware_Attacks.event_description, Malware_Attacks.dest, Malware_Attacks.action
| makemv delim="|" fileName
| makemv delim="|" signature
| rename Malware_Attacks.event_description AS event_description
| rename Malware_Attacks.dest AS dest
| rename Malware_Attacks.action as action
| regex event_description!="blocked"
| regex event_description!="deleted"
| regex event_description!="Cleaned"
| regex event_description!="handled"
| where event_description!="Exploit Prevention Files/Process/Registry violation detected" OR threat_handled!=1
| where event_description!="Infected file found, access denied" OR threat_handled!=1
| search action!=handled event_description!=DLL* event_description!="Script security violation detected, AMSI would block"
| table time event_description dest fileName signature


Thanks,

Kishore
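As an added example (not part of the original post and not Splunk's own code), here is a Simple XML dashboard whose panel is built only from fields that tstats actually returns. In the posted query, threat_handled is never output by tstats because it is neither aggregated nor listed in the by clause, so the "OR threat_handled!=1" conditions can never match and the where clauses silently drop rows. The time-picker token name, panel layout and the 24-hour default are assumptions; event_description, dest, action, file_name, signature and the excluded description values are taken from the post.

```xml
<form>
  <label>Antivirus Alerts - Unhandled Detections</label>
  <!-- Time picker; the token name time_tok is an assumption -->
  <fieldset submitButton="false">
    <input type="time" token="time_tok">
      <label>Time range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Malware detections not yet handled, per host</title>
      <!-- Filter on fields the data model summarises; anything not in
           values()/by (such as threat_handled) would be empty after tstats -->
      <table>
        <search>
          <query>
| tstats summariesonly=true count max(_time) AS last_seen
    values(Malware_Attacks.file_name) AS file_name
    values(Malware_Attacks.signature) AS signature
    from datamodel=Malware.Malware_Attacks
    where Malware_Attacks.action!="handled"
    by Malware_Attacks.dest, Malware_Attacks.event_description, Malware_Attacks.action
| rename Malware_Attacks.* AS *
| search NOT event_description IN ("*blocked*", "*deleted*", "*Cleaned*", "*handled*")
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort - count
| table last_seen dest event_description action signature file_name count
          </query>
          <earliest>$time_tok.earliest$</earliest>
          <latest>$time_tok.latest$</latest>
        </search>
        <option name="count">20</option>
        <option name="drilldown">none</option>
      </table>
    </panel>
  </row>
</form>
```

values() already returns a multivalue field, so the makemv delim="|" steps from the posted query are not needed here; a host that keeps appearing at the top of the count column is one whose AV product is detecting but not remediating.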
