Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
477 results
Sorted by:
08-20-2019
11:50 AM
Greetings...
We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel.
According to the documentation:
https://docs.splunk.com/Documentation/CIM/4.13...
04-11-2019
11:55 AM
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
Show results in replies (7)
-
...ossible. If you run cim_Malware_indexes tag=malware tag=attack (same as your search) in the search w...
-
Referring above and against malware correlation rules. most of the time the triggered notable e...
-
...onnect to your asset and provide the owner field. index="notable" search_name="*Malware*" | `g...
-
...he owner would be the "user" in the context of the Malware notable.
-
...omething like... index="notable" search_name="*Malware*" user="unknown" | join dest [|i...
-
...earch: | tstats summariesonly=false allow_old_summaries=true dc(Malware_Attacks.date) as "d...
-
...hich can come in any events, e.g Malware, network etc..]. Similary you need to capture all users in i...
11-18-2020
08:18 AM
Hi all. I have Symantec Endpoint Protection Manager and troubleshooting the splunk Malware Datamodel. I am trying to determine what exactly constitutes an event as malware. I've already g...
Labels
- Labels:
-
Splunk Investigate
yesterday
hi Expert, i have a question for this issue. What methods are you used to detect malware? Does it have anything to do with SVM or machine learning? Please help me answer this q...
Labels
- Labels:
-
other
06-03-2019
06:40 AM
1 Karma
I am using the Infosec App but I am not getting any malware information.
I am getting events from Sophos Central and these are searchable etc.
I have set the cim_malware_indexes to search the s...
09-05-2019
01:20 PM
Does anyone have examples of how to use Splunk to find systems with outdated anti-malware?
01-23-2020
12:38 AM
Hi,
Will the result on the Malware dashboard also change when we already clean the detected malware?
Thanks!
11-20-2019
07:39 AM
Does anyone have examples of how to use Splunk to detect a basic malware outbreak?
11-20-2019
08:45 AM
Does anyone have examples of how to use Splunk to detect malware infections across multiple hosts?
01-31-2013
03:14 PM
when we try to connect with a google subject, the computer redirects to some other home page for some products we have no interest in, no matter how many times we return to google and try another con...
