You want to search antivirus logs to find systems on your network that are experiencing multiple infections, so that you can prioritize them for investigation and remediation.
This sample search uses Symantec Endpoint Protection data. You can replace this source with any other malware data used in your organization.
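The following search is an added example, not the page's own sample search. It assumes the Symantec Endpoint Protection add-on indexes risk events under the sourcetype `symantec:ep:risk:file` and extracts the CIM fields `dest`, `signature`, and `action`; the 7-day window and the threshold of 3 detections are constructed values, so adjust them for your environment.

```spl
sourcetype="symantec:ep:risk:file" earliest=-7d@d latest=now
| stats count AS infections,
        dc(signature) AS unique_signatures,
        values(signature) AS signatures,
        values(action) AS actions,
        min(_time) AS first_seen,
        max(_time) AS last_seen
  BY dest
| where infections >= 3
| convert ctime(first_seen) ctime(last_seen)
| sort - infections
| table dest infections unique_signatures signatures actions first_seen last_seen
```

A host with many detections but `unique_signatures=1` is often the same file being re-detected after a failed clean, while a high `unique_signatures` count with actions other than "quarantined" or "deleted" points to a system that needs hands-on remediation first. To use another malware source, change the `sourcetype` and, if that source does not map to CIM, the `dest`, `signature`, and `action` field names.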
For more great content from the Splunk Education and Training team, check out Splunk How-To on YouTube or sign up for a course. In addition, these Splunk resources might help you understand and implement this search:
- Splunk Add-On: Symantec Endpoint Protection