Seculert detects malware communications from devices in your organization to command and control hosts.
The individual raw communication records are reported into Splunk as events, while the aggregate incidents of infected devices are reported in a Summary lookup.
Using a lookup solves the challenge of updating information in an incident entity, such as the time it was last seen or its status (open, closed).
Records and incidents are linked through an incident id.
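As an added illustration of the record/incident split described above (example searches written for this page, not the Seculert app's own searches), the first SPL search enriches raw communication records with the incident's status through the summary lookup and reports only records belonging to open incidents; the second recomputes each incident's last_seen from the records and writes it back to the lookup, defaulting newly seen incident ids to open. The index, sourcetype, lookup name (seculert_incidents) and field names (incident_id, status, last_seen, src_host, dest) are assumptions.

```spl
index=seculert sourcetype="seculert:record"
| lookup seculert_incidents incident_id OUTPUT status AS incident_status last_seen AS incident_last_seen
| where incident_status="open"
| stats count AS records min(_time) AS first_record max(_time) AS last_record values(dest) AS c2_hosts BY incident_id src_host
| convert ctime(first_record) ctime(last_record)
| sort - records

index=seculert sourcetype="seculert:record" earliest=-24h
| stats max(_time) AS last_seen BY incident_id
| inputlookup append=true seculert_incidents
| stats max(last_seen) AS last_seen first(status) AS status BY incident_id
| fillnull value="open" status
| outputlookup seculert_incidents
```

The second search is the kind of scheduled job that keeps the lookup current; closing an incident is then a matter of editing its status row rather than rewriting indexed events.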