You want to search antivirus logs to find systems on your network that are experiencing multiple infiltrations so that you can mitigate the issue.
This sample search uses Symantec Endpoint Protection data. You can replace this source with any other malware data used in your organization.
For more great content from the Splunk Education and Training team, check out Splunk How-To on YouTube or sign up for a course. In addition, these Splunk resources might help you understand and implement this search:
- Splunk Add-On: Symantec Endpoint Protection