maxlanzi,
We have several OOTB correlation searches that leverage data provided by your Antivirus/Malware solutions.
Endpoint - Host With Multiple Infections - Rule
Endpoint - Old Malware Infection - Rule
Endpoint - High Number of Hosts With Infection - Rule
Endpoint - High Number Of Infected Hosts - Rule
Endpoint - High Or Critical Priority Host With Malware - Rule
Endpoint - Recurring Malware Infection - Rule
Endpoint - Outbreak Observed - Rule
We also have a number of OOTB correlation searches that discover activity indicative of malware, but leverage other data sets such as Firewall/Proxy.
If you need a comprehensive list of correlation searches and descriptions, please contact Splunk Sales.
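For readers wondering what one of these correlation searches looks like under the hood, the search below is an added illustration, not the shipped Splunk ES rule or the poster's code. It sketches the "host with multiple infections" idea: count distinct malware signatures seen per host in the Malware data model over the last day and alert when a host carries more than one. Everything here is assumed rather than taken from the post: the `Malware.Malware_Attacks` dataset and its `dest`, `signature` and `action` fields (the standard CIM Malware model), the 24-hour window, the threshold of more than one signature, and the restriction to `action="allowed"` so that infections the AV already blocked do not count.

```spl
| tstats summariesonly=true
    count AS infections,
    dc(Malware_Attacks.signature) AS signature_count,
    values(Malware_Attacks.signature) AS signatures,
    min(_time) AS first_seen,
    max(_time) AS last_seen
    FROM datamodel=Malware.Malware_Attacks
    WHERE Malware_Attacks.action="allowed" earliest=-24h latest=now
    BY Malware_Attacks.dest
| rename Malware_Attacks.dest AS dest
| where signature_count > 1
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table dest, infections, signature_count, signatures, first_seen, last_seen
| sort - signature_count
```

Two caveats before scheduling something like this: `summariesonly=true` only returns results if the Malware data model is accelerated (otherwise drop the flag and accept a slower search), and the `action="allowed"` filter depends on your AV add-on mapping its verdicts to the CIM values `allowed`/`blocked`/`deferred`, which is worth checking with a quick `| tstats count FROM datamodel=Malware.Malware_Attacks BY Malware_Attacks.action` before trusting the alert.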