Skip to main content

 

Splunk Lantern

Detecting recurring malware on a host

 

You want to search antivirus logs to find systems on your network that are experiencing multiple infiltrations so that you can mitigate the issue.

Data required

Antivirus data

This sample search uses Symantec Endpoint Protection data. You can replace this source with any other malware data used in your organization. 

Procedure

Next steps

This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like What is Splunk or dive into more advanced courses like Search Under the HoodResult Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.

For more great content from the Splunk Education team, check out Splunk How-To on YouTube or sign up for a course

 In addition, these Splunk resources might help you understand and implement this search:

Still need help with this use case? Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.com if you require assistance.