Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
385 results
Sorted by:
08-20-2019
11:50 AM
Greetings...
We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel.
According to the documentation:
https://docs.splunk.com/Documentation/CIM/4.13...
11-18-2020
08:18 AM
Hi all. I have Symantec Endpoint Protection Manager and troubleshooting the splunk Malware Datamodel. I am trying to determine what exactly constitutes an event as malware. I've already g...
Labels
- Labels:
-
Splunk Investigate
04-11-2019
11:55 AM
We are using ES with a datamodel that has the base constraint:
(`cim_Malware_indexes`) tag=malware tag=attack
This drives correlation searches like: Endpoint - Recurring Malware I...
Show results in replies (7)
-
...ossible. If you run cim_Malware_indexes tag=malware tag=attack (same as your search) in the search w...
-
Referring above and against malware correlation rules. most of the time the triggered notable e...
-
...onnect to your asset and provide the owner field. index="notable" search_name="*Malware*" | `g...
-
...he owner would be the "user" in the context of the Malware notable.
-
...omething like... index="notable" search_name="*Malware*" user="unknown" | join dest [|i...
-
...earch: | tstats summariesonly=false allow_old_summaries=true dc(Malware_Attacks.date) as "d...
-
...hich can come in any events, e.g Malware, network etc..]. Similary you need to capture all users in i...
06-03-2019
06:40 AM
1 Karma
I am using the Infosec App but I am not getting any malware information.
I am getting events from Sophos Central and these are searchable etc.
I have set the cim_malware_indexes to search the s...
09-05-2019
01:20 PM
Does anyone have examples of how to use Splunk to find systems with outdated anti-malware?
11-20-2019
07:39 AM
Does anyone have examples of how to use Splunk to detect a basic malware outbreak?
11-20-2019
08:45 AM
Does anyone have examples of how to use Splunk to detect malware infections across multiple hosts?
01-23-2020
12:38 AM
Hi,
Will the result on the Malware dashboard also change when we already clean the detected malware?
Thanks!
03-19-2019
03:15 AM
It corresponds to CIM, but there is a model that I do not understand well.
What is the CIM Malware Operation? Can you explain in detail?
01-03-2020
11:04 AM
Does anyone have examples of how to use Splunk to detect endpoints that have uncleaned malware?
