Greetings...
We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel.
According to the documentation:
https://docs.splunk.com/Documentation/CIM/4.13...
Hi all. I have Symantec Endpoint Protection Manager and am troubleshooting the Splunk Malware Datamodel. I am trying to determine what exactly constitutes an event as malware. I've already g...
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
I am using the Infosec App but I am not getting any malware information.
I am getting events from Sophos Central and these are searchable etc.
I have set the cim_malware_indexes to search the s...