Splunk Lantern

Detecting recurring malware on a host

You want to search antivirus logs to find systems on your network that are repeatedly infected with malware, so that you can investigate why the infection keeps coming back and remediate the host.

Data required

Antivirus data

This sample search uses Symantec Endpoint Protection data. You can replace this source with any other antivirus or malware detection data your organization collects.
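The following Python script is an added example, not code from Splunk Lantern, Splunk or Symantec. It shows the detection logic this use case describes: group antivirus detections by host, look for a host with several detections on more than one day inside a sliding window, and separately note any signature that was "cleaned" on one day only to be detected again on another, which is the usual sign that the infection vector or a persistence mechanism was never removed. The log lines are constructed and only loosely modelled on the comma-separated `Key: value` layout of SEP risk-log syslog events; the field labels, hostnames, signature names and thresholds are all assumptions.

```python
"""Flag hosts with recurring malware detections in antivirus risk-log lines.

Added example, not Splunk or Symantec code. The sample lines below are
constructed; their "Key: value" layout is only loosely modelled on the SEP
risk-log syslog format, so the field labels are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp>,<event>,Key: value,Key: value,..."
SAMPLE_LOGS = [
    "2024-02-01 10:00:00,Virus found,Computer name: WS-099,IP Address: 10.20.1.99,Risk name: Adware.Gen,Actual action: Quarantined",
    "2024-02-02 10:05:00,Virus found,Computer name: WS-099,IP Address: 10.20.1.99,Risk name: Adware.Gen,Actual action: Quarantined",
    "2024-03-01 08:14:02,Virus found,Computer name: WS-017,IP Address: 10.20.1.17,Risk name: Trojan.Gen.2,Actual action: Cleaned by deletion",
    "2024-03-02 11:03:55,Virus found,Computer name: WS-042,IP Address: 10.20.1.42,Risk name: Trojan.Gen.2,Actual action: Quarantined",
    "2024-03-02 23:30:10,Virus found,Computer name: SRV-DB01,IP Address: 10.20.5.11,Risk name: Hacktool.Mimikatz,Actual action: Quarantined",
    "2024-03-02 23:30:12,Virus found,Computer name: SRV-DB01,IP Address: 10.20.5.11,Risk name: PUA.Gen,Actual action: Quarantined",
    "2024-03-02 23:30:15,Virus found,Computer name: SRV-DB01,IP Address: 10.20.5.11,Risk name: Trojan.Gen.2,Actual action: Cleaned by deletion",
    "2024-03-03 09:41:27,Virus found,Computer name: WS-017,IP Address: 10.20.1.17,Risk name: Trojan.Gen.2,Actual action: Cleaned by deletion",
    "2024-03-06 07:58:44,Virus found,Computer name: WS-017,IP Address: 10.20.1.17,Risk name: Downloader.Gen,Actual action: Quarantined",
    "2024-03-06 18:02:09,Virus found,Computer name: WS-017,IP Address: 10.20.1.17,Risk name: Trojan.Gen.2,Actual action: Cleaned by deletion",
    "2024-03-15 12:00:00,Virus found,Computer name: WS-099,IP Address: 10.20.1.99,Risk name: Adware.Gen,Actual action: Quarantined",
]

# One "Key: value" pair; keys contain no comma or colon, values no comma.
FIELD_RE = re.compile(r"\s*([^,:]+):\s*([^,]*)")


def parse_risk_line(line):
    """Split a constructed risk-log line into the fields the detection needs."""
    ts_text, _event, rest = line.split(",", 2)
    fields = dict(FIELD_RE.findall(rest))
    return {
        "time": datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S"),
        "host": fields["Computer name"],
        "ip": fields.get("IP Address", ""),
        "signature": fields["Risk name"],
        "action": fields.get("Actual action", ""),
    }


def find_recurring_hosts(lines, min_events=3, min_days=2, window=timedelta(days=7)):
    """Return {host: summary} for hosts with >= min_events detections spread over
    >= min_days distinct days inside some sliding window of length `window`.

    min_days=2 drops single-scan bursts (one full scan finding three old files);
    set it to 1 if you want those too. Thresholds are assumptions to tune.
    """
    by_host = defaultdict(list)
    for line in lines:
        event = parse_risk_line(line)
        by_host[event["host"]].append(event)

    flagged = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e["time"])
        best = None
        # Slide a window anchored at each event; keep the busiest qualifying one.
        for i, start in enumerate(events):
            in_window = [e for e in events[i:] if e["time"] - start["time"] < window]
            days = {e["time"].date() for e in in_window}
            if len(in_window) >= min_events and len(days) >= min_days:
                if best is None or len(in_window) > len(best):
                    best = in_window
        if best is None:
            continue

        days_per_signature = defaultdict(set)
        for e in best:
            days_per_signature[e["signature"]].add(e["time"].date())
        flagged[host] = {
            "events": len(best),
            "first_seen": best[0]["time"],
            "last_seen": best[-1]["time"],
            "signatures": sorted(days_per_signature),
            # Same signature detected on more than one day: the AV "cleaned" it
            # and it came back, so look for the dropper or persistence mechanism.
            "reinfected": sorted(s for s, d in days_per_signature.items() if len(d) > 1),
            "actions": sorted({e["action"] for e in best}),
        }
    return flagged


if __name__ == "__main__":
    for host, summary in find_recurring_hosts(SAMPLE_LOGS).items():
        print(host, summary)
```

In Splunk the same aggregation is a `stats count, dc(signature), values(signature) by dest` over the antivirus sourcetype followed by a `where` on the count, with the time window supplied by the search's time picker; the field names `dest` and `signature` here are assumptions, so map them to whatever your antivirus add-on or CIM normalization actually emits. The Python version adds the distinct-day condition and the "cleaned, then seen again" list because those are the two questions an analyst asks first: is this one noisy scan or a host that keeps getting reinfected, and if the latter, which detection is the AV failing to eradicate.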

Procedure

Next steps

For more great content from the Splunk Education and Training team, check out Splunk How-To on YouTube or sign up for a course. In addition, these Splunk resources might help you understand and implement this search:

Still need help with this use case? Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.com if you require assistance.