Malware on systems with outdated anti-virus software
This page is currently a work in progress. Any information presented here might be incomplete or incorrect, and frequent near-term updates are expected.
Systems with outdated anti-virus (AV) software can become infected with malware. Use Enterprise Security to identify these systems, then update the AV software on them.
- In the Incident Review dashboard, search for critical notable events that have not been assigned to anyone. Use the dashboard filters to search for urgency="critical", status="new", domain="endpoint" and "network".
- From the search results, determine which of these alerts involve systems that need to be patched or have their anti-virus software updated.
- Assign the systems that need to be patched or updated to an admin for resolution.
This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1