Splunk® Enterprise Security

Use Splunk Enterprise Security


Malware on systems with outdated anti-virus software

This page is currently a work in progress. Any information presented here might be incomplete or incorrect, and frequent near-term updates are expected.

Systems running outdated anti-virus (AV) software are more likely to become infected with malware. Use Enterprise Security to identify those systems, then update the AV software on them.

  • In the Incident Review dashboard, search for critical notable events that have not yet been assigned to anyone. Use the dashboard filters to select urgency="critical", status="new", and domain="endpoint" and "network".
  • From the search results, determine which of these notable events involve systems that need to be patched or that need their anti-virus software updated.
  • Assign the notable events for those systems to an administrator for resolution.
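The triage steps above, worked through as an added example that is not part of the Splunk documentation and not Enterprise Security code. It models the same three steps outside Splunk: filter to critical, new, unassigned notable events in the endpoint and network domains, check each affected host against an AV signature inventory, and produce assignments for the hosts whose AV is stale. The notable events, the AV inventory, the field names (rule_name, dest, urgency, status, security_domain, owner), the seven-day staleness threshold and the "av-admin" owner are all constructed for the example; a host missing from the inventory is deliberately treated as outdated, since an unknown AV state is the case a triage analyst should not silently skip.

```python
from datetime import date

# Constructed sample notable events (assumption: fields loosely shaped like
# the notable events shown in Incident Review; not real ES data).
NOTABLES = [
    {"rule_name": "Host With Malware Detected", "dest": "ws-0142",
     "urgency": "critical", "status": "new", "security_domain": "endpoint", "owner": "unassigned"},
    {"rule_name": "Blocked Outbound Traffic", "dest": "ws-0077",
     "urgency": "critical", "status": "new", "security_domain": "network", "owner": "unassigned"},
    {"rule_name": "Host With Malware Detected", "dest": "ws-0201",
     "urgency": "critical", "status": "in progress", "security_domain": "endpoint", "owner": "analyst1"},
    {"rule_name": "Excessive Failed Logins", "dest": "srv-db01",
     "urgency": "critical", "status": "new", "security_domain": "access", "owner": "unassigned"},
    {"rule_name": "Host With Malware Detected", "dest": "ws-0310",
     "urgency": "high", "status": "new", "security_domain": "endpoint", "owner": "unassigned"},
    {"rule_name": "Blocked Outbound Traffic", "dest": "ws-0500",
     "urgency": "critical", "status": "new", "security_domain": "network", "owner": "unassigned"},
]

# Constructed AV inventory: host -> date of the last AV signature update.
# ws-0500 is intentionally absent to exercise the "unknown host" path.
AV_INVENTORY = {
    "ws-0142": date(2013, 5, 1),    # stale
    "ws-0077": date(2013, 7, 10),   # current
    "ws-0201": date(2013, 7, 11),
    "ws-0310": date(2013, 7, 11),
    "srv-db01": date(2013, 7, 9),
}


def select_notables(events, domains=("endpoint", "network")):
    """Step 1: critical, new, unassigned notables in the given security domains."""
    return [
        e for e in events
        if e["urgency"] == "critical"
        and e["status"] == "new"
        and e["security_domain"] in domains
        and e["owner"] in ("", "unassigned")
    ]


def av_is_outdated(host, inventory, as_of, max_age_days=7):
    """Step 2 check: True when the host's last signature update is older than
    max_age_days, or when the host is not in the inventory at all (unknown
    AV state is treated as outdated rather than skipped)."""
    last_update = inventory.get(host)
    if last_update is None:
        return True
    return (as_of - last_update).days > max_age_days


def triage(events, inventory, as_of, admin="av-admin"):
    """Steps 1-3: return the assignment records an analyst would hand to the
    administrator, one per notable whose host needs an AV update."""
    assignments = []
    for e in select_notables(events):
        if av_is_outdated(e["dest"], inventory, as_of):
            assignments.append({
                "dest": e["dest"],
                "rule_name": e["rule_name"],
                "owner": admin,
                "status": "in progress",
                "reason": "AV signatures outdated or unknown",
            })
    return assignments


if __name__ == "__main__":
    for a in triage(NOTABLES, AV_INVENTORY, date(2013, 7, 12)):
        print(a)
```

Run as-is it prints two assignments: ws-0142 (signatures 72 days old) and ws-0500 (not in the inventory). ws-0077 is selected by the filter but dropped because its signatures are two days old, and the remaining notables fail the urgency, status or domain filter exactly as they would in the dashboard.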
Last modified on 12 July, 2013

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1
