
SPL

Microsoft Antimalware Malware Detection Details

Description

Submitted by SplunkNinja

This query returns results when malware is detected, along with detailed information on each detection.
sourcetype="WinEventLog:System" SourceName="Microsoft Antimalware" EventCode=1116 | eval Date=strftime(_time, "%Y/%m/%d") | stats count by host, Category, Name, Path, Severity, Date
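
An added example, not part of the original submission: a Python re-implementation of the query's filter and `stats count by` grouping, run over constructed events. It shows that a detection missing any of the grouped fields drops out of the results, as it does with `stats ... by` in Splunk. The `Message` layout, host names and threat name are constructed, and UTC is assumed for `Date`.

```python
import re
from collections import Counter
from datetime import datetime, timezone

BY_FIELDS = ("host", "Category", "Name", "Path", "Severity", "Date")

def _event(time, host, code, message):
    """Build one constructed event (hypothetical helper for the sample data)."""
    return {"_time": time, "host": host, "sourcetype": "WinEventLog:System",
            "SourceName": "Microsoft Antimalware", "EventCode": code,
            "Message": message}

# Constructed samples. The "Key: value" message layout is an assumption that
# mirrors the fields the query groups by; it is not a captured log.
FULL = ("Name: Sample/TestThreat.A\nSeverity: Severe\n"
        "Category: Trojan\nPath: file:_C:\\Temp\\sample.exe")
NO_PATH = "Name: Sample/TestThreat.B\nSeverity: High\nCategory: Backdoor"
SAMPLE_EVENTS = [
    _event(1700000000, "WS01", 1116, FULL),
    _event(1700003600, "WS01", 1116, FULL),     # same detection, same day
    _event(1700000500, "WS02", 1116, NO_PATH),  # Path never extracted
    _event(1700000900, "WS01", 1117, FULL),     # different EventCode
]

def extract_fields(message):
    """Turn 'Key: value' lines of the message into a field dictionary."""
    pattern = r"^[ \t]*([A-Za-z ]+?):[ \t]*(.+?)[ \t]*$"
    return dict(re.findall(pattern, message, re.M))

def stats_count(events):
    """Return (counts per by-field tuple, number of 1116 events dropped)."""
    counts, dropped = Counter(), 0
    for ev in events:
        if (ev["sourcetype"] != "WinEventLog:System" or ev["EventCode"] != 1116
                or ev["SourceName"] != "Microsoft Antimalware"):
            continue
        row = {**extract_fields(ev["Message"]), "host": ev["host"]}
        when = datetime.fromtimestamp(ev["_time"], timezone.utc)
        row["Date"] = when.strftime("%Y/%m/%d")  # same format as the eval
        if any(field not in row for field in BY_FIELDS):
            dropped += 1  # a missing by-field removes the event from the table
            continue
        counts[tuple(row[field] for field in BY_FIELDS)] += 1
    return counts, dropped

if __name__ == "__main__":
    table, dropped = stats_count(SAMPLE_EVENTS)
    for key, count in table.items():
        print(*key, count, sep=" | ")
    print("1116 events dropped for a missing by-field:", dropped)
```

When the dropped count matters, comparing the query's total against a plain count of EventCode 1116 events over the same time range shows whether detections are being lost to a missing field.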
