I need a query for basic malware outbreak
Need a query with server IP and server name from these raw logs.
You have to install ta-windows to extract the fields, then use those fields in your query.
search example:
index=* source="WinEventLog:Security" | table _time src src_ip dest action app signature
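As an added example (not part of the answer above), here is a search built on the same extracted fields that turns the per-event table into an outbreak view: one row per signature, showing how many distinct servers reported it, their names and source IPs, and the first/last time it was seen. It assumes the add-on in use extracts the fields the table above lists (src_ip, dest, action, signature) and that dest carries the server name (falling back to the Splunk host field when dest is missing); the "more than one server" threshold is a constructed starting point, not a vendor value.

```spl
index=* source="WinEventLog:Security" signature=*
| eval server_name=coalesce(dest, host)
| stats count AS events,
        dc(server_name) AS affected_servers,
        values(server_name) AS servers,
        values(src_ip) AS source_ips,
        min(_time) AS first_seen,
        max(_time) AS last_seen
  BY signature, action
| where affected_servers > 1
| convert ctime(first_seen) ctime(last_seen)
| sort -affected_servers
```

Run it over a window such as the last 24 hours; a signature that climbs the affected_servers column across successive runs is the spreading case worth escalating, while a single-host hit with action showing a clean/quarantine result is usually contained. If your add-on names the server field differently, change the coalesce() line rather than the stats clause.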
Thanks for your reply, but we are using Trend Micro Apex One as an antivirus and we are able to extract from the same.
Could you please confirm that TA for Microsoft Windows Defender will support Trend Micro Apex One?