Antivirus and antimalware data - Splunk Lantern
pageid="7933" class="internal" href="https://lantern.splunk.com/Data_Descriptors/Skyhigh_Security/Configuring_Splunk_add-on_for_McAfee%2F%2FSkyhigh_Web_Gateway" rel="internal">Configuring Splunk add-on for McAfee/Skyhigh Web Gateway</a></li></ul></li><li><a title="Data_Descriptors/CyberArk" pageid="7938" class="internal" href="https://lantern.splunk.com/Data_Descriptors/CyberArk" rel="internal">CyberArk</a></li><li><a title="Data_Descriptors/OpenAI" pageid="7964" class="internal" href="https://lantern.splunk.com/Data_Descriptors/OpenAI" rel="internal">OpenAI</a><ul><li class="first last"><a title="Data_Descriptors/OpenAI/Monitoring_applications_using_OpenAI_API_and_GPT_models_with_OpenTelemetry_and_Splunk_APM" pageid="7965" class="internal" href="https://lantern.splunk.com/Data_Descriptors/OpenAI/Monitoring_applications_using_OpenAI_API_and_GPT_models_with_OpenTelemetry_and_Splunk_APM" rel="internal">Monitoring applications using OpenAI API and GPT models with OpenTelemetry and Splunk APM</a></li></ul></li><li class="last"><a title="Data_Descriptors/NETSCOUT" pageid="8411" class="internal" href="https://lantern.splunk.com/Data_Descriptors/NETSCOUT" rel="internal">NETSCOUT</a><ul><li class="first last"><a title="Data_Descriptors/NETSCOUT/Configuring_and_monitoring_NETSCOUT_Omnis_AI_Streamer_data" pageid="8412" class="internal" href="https://lantern.splunk.com/Data_Descriptors/NETSCOUT/Configuring_and_monitoring_NETSCOUT_Omnis_AI_Streamer_data" rel="internal">Configuring and monitoring NETSCOUT Omnis AI Streamer data</a></li></ul></li></ul></div></div> <script type="text/javascript">/*<![CDATA[*/ const trees = document.querySelectorAll(".wiki-tree > ul"); let currentPage = window.location.href; function listChildren(e) { if (e.children.length === 0) { return; } for (var i = 0; i < e.children.length; i++) { var el = e.children[i]; if (el.children.length > 1 && el.tagName == "LI") { el.className = "mt-icon-arrow-right8 collapsed"; el.addEventListener("click", function 
(event) { if (this.className == "mt-icon-arrow-right8 collapsed") { this.className = "mt-icon-arrow-down8"; } else { this.className = "mt-icon-arrow-right8 collapsed"; } event.stopPropagation(); }); } else { el.addEventListener("click", function (event) { event.stopPropagation(); }); } if (el.href == currentPage) { el.classList.add("active-page"); //Loop through this page and all parent pages, and remove the collapsed class var pElement = el.parentElement.parentElement; //Skipping direct parent so that currentPage itself remains collapsed for (var j = 0; j < 1000; j++) { pElement.classList.remove("collapsed"); if (pElement.classList.contains("mt-icon-arrow-right8")) { pElement.classList.remove("mt-icon-arrow-right8"); pElement.classList.add("mt-icon-arrow-down8"); } pElement = pElement.parentElement; if (pElement.classList.contains("wiki-tree")) { break; } } } listChildren(e.children[i]); } } for (var i = 0; i < trees.length; i++) { listChildren(trees[i]); }/*]]>*/</script> </div> <div id="mt-toc-container" data-title="Table of contents" data-collapsed="true"> <button class="mt-toggle mt-summary-toggle ui-button-icon mt-toggle-expand">Table of contents</button> <div class="mt-toc-content mt-collapsible-section mt-toc-hide"> <ol><li><a href="#Common_data_sources" rel="internal">Common data sources</a></li><li><a href="#Use_cases_for_the_Splunk_platform" rel="internal">Use cases for the Splunk platform</a></li><li><a href="#Use_cases_for_Splunk_security_products" rel="internal">Use cases for Splunk security products</a></li></ol> </div> </div> <div id="page-top"> <div id="topic"> <div id="pageText"><p>The weakest link in corporate security is an individual, and antivirus is one way to protect employees from performing inadvertently harmful actions. 
Whether it’s clicking on an untrustworthy web link, downloading malicious software, or opening a booby-trapped document (often one sent to them by an unsuspecting colleague), antivirus can often prevent, mitigate, or reverse the damage. It is not a complete control, however: signature- and heuristic-based detection can be evaded, so the absence of an antivirus alert is not evidence that a host is clean. So-called advanced persistent threats (APTs) often enter through a single compromised machine attached to a trusted network.</p> <p>Antivirus and antimalware solutions provide malware discovery and quarantine activities on endpoints, such as workstations, business servers, virtual desktops, and mobile devices. They look for specific files and behaviors that indicate the presence or attempted installation of malicious software (for example, Trojans, worms, ransomware, spyware, rootkits, and viruses). Antivirus and antimalware solutions help prevent, detect, and quarantine or remove malicious software that has been downloaded and activated. When you analyze this data, distinguish the detection itself from the action the product reported: a detection whose quarantine or removal failed, or that carries no remediation action at all, means the threat may still be active on the host and should be followed up with other endpoint data. In the Common Information Model, antivirus data is typically mapped to the <a title="https://docs.splunk.com/Documentation/CIM/latest/User/Malware" href="https://docs.splunk.com/Documentation/CIM/latest/User/Malware" target="_blank" rel="external noopener nofollow" class="link-https">Malware data model</a> and <a href="https://docs.splunk.com/Documentation/CIM/latest/User/Endpoint" rel="noopener" target="_blank">Endpoint data model</a>. 
</p> <div class="mt-contentreuse-widget" data-page="hc/Splunk_Help_Content_Reuse/Getting_data_in_-_All" data-section="" data-show="false"> <div class="mt-include" id="s4817"><div class="mt-notes-container style-wrap" title="Note"> <p>Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: </p> <ul> <li><a data-saferedirecturl="https://www.google.com/url?q=https://docs.splunk.com/Documentation/Splunk/8.2.6/Data/WhatSplunkcanmonitor&source=gmail&ust=1651084776831000&usg=AOvVaw1l1fJTsyDyESITUAfSZzOi" href="https://docs.splunk.com/Documentation/Splunk/latest/Data/Getstartedwithgettingdatain" rel="noopener noreferrer" target="_blank" title="https://docs.splunk.com/Documentation/Splunk/latest/Data/Getstartedwithgettingdatain">Enterprise</a></li> <li><a data-saferedirecturl="https://www.google.com/url?q=https://docs.splunk.com/Documentation/SplunkCloud/8.2.2202/Data/WhatSplunkcanmonitor&source=gmail&ust=1651084776831000&usg=AOvVaw2k0BPzJyynC3ZGIbiPpAel" href="https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Getstartedwithgettingdatain" rel="noopener noreferrer" target="_blank" title="https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Getstartedwithgettingdatain">Cloud Platform</a></li> <li><a data-saferedirecturl="https://www.google.com/url?q=https://docs.splunk.com/Observability/gdi/get-data-in/get-data-in.html%23nav-Get-data-into-Splunk-Observability-Cloud&source=gmail&ust=1651084776831000&usg=AOvVaw0L4stwrSzYFe883Jl8acUB" target="_blank" title="https://docs.splunk.com/Observability/gdi/get-data-in/get-data-in.html#nav-Get-data-into-Splunk-Observability-Cloud" href="https://docs.splunk.com/Observability/gdi/get-data-in/get-data-in.html#nav-Get-data-into-Splunk-Observability-Cloud" rel="external noopener nofollow" class="link-https">Observability Cloud</a></li> </ul> </div> </div> </div> <div mt-section-origin="Data_Descriptors/Antivirus_and_antimalware_data" class="mt-section" 
id="section_1"><span id="Common_data_sources"></span><h2 class="editable">Common data sources</h2> <ul> <li><a href="https://splunkbase.splunk.com/app/3009/" rel="noopener" target="_blank" title="https://splunkbase.splunk.com/app/3009/">Splunk Add-on for McAfee Web Gateway</a></li> <li><a href="https://splunkbase.splunk.com/app/4656/" rel="noopener" target="_blank" title="https://splunkbase.splunk.com/app/4656/">Kaspersky Add-on for Splunk</a></li> <li><a title="https://splunkbase.splunk.com/app/2772/" href="https://splunkbase.splunk.com/app/2772/" target="_blank" rel="external noopener nofollow" class="link-https">Splunk Add-on for Symantec Endpoint Protection</a></li> <li><a title="https://splunkbase.splunk.com/app/5177/" href="https://splunkbase.splunk.com/app/5177/" target="_blank" rel="external noopener nofollow" class="link-https">CarbonBlack</a></li> <li><a title="https://splunkbase.splunk.com/app/2757/" href="https://splunkbase.splunk.com/app/2757/" target="_blank" rel="external noopener nofollow" class="link-https">Palo Alto Networks Add-on for Splunk</a></li> <li><a title="https://splunkbase.splunk.com/app/5082/" href="https://splunkbase.splunk.com/app/5082/" target="_blank" rel="external noopener nofollow" class="link-https">CrowdStrike Falcon Event Streams Technical Add-On</a></li> <li><a title="https://splunkbase.splunk.com/app/2758/" href="https://splunkbase.splunk.com/app/2758/" target="_blank" rel="external noopener nofollow" class="link-https">Splunk Add-on for Symantec Blue Coat ProxySG</a></li> </ul> </div><div mt-section-origin="Data_Descriptors/Antivirus_and_antimalware_data" class="mt-section" id="section_2"><span id="Use_cases_for_the_Splunk_platform"></span><h2 class="editable">Use cases for the Splunk platform</h2> <ul> <li><a title="Complying with General Data Protection Regulation" href="https://lantern.splunk.com/Security/UCE/Foundational_Visibility/Compliance/Running_common_General_Data_Protection_Regulation_(GDPR)_compliance_searches" 
rel="internal">Complying with General Data Protection Regulation</a></li> <li><a title="Monitoring NIST SP 800-53 rev5 control families" href="https://lantern.splunk.com/Security/UCE/Foundational_Visibility/Compliance/Monitoring_NIST_SP_800-53_rev5_control_families" rel="internal">Monitoring NIST SP 800-53 rev5 control families</a></li> <li><a title="Detecting recurring malware on a host" href="https://lantern.splunk.com/Security/UCE/Guided_Insights/Threat_hunting/Detecting_recurring_malware_on_a_host" rel="internal">Detecting recurring malware on a host</a></li> <li><a title="Investigating a ransomware attack" href="https://lantern.splunk.com/Security/UCE/Foundational_Visibility/Incident_management/Investigating_a_ransomware_attack" rel="internal">Investigating a ransomware attack</a></li> <li><a title="Reconstructing a website defacement" href="https://lantern.splunk.com/Security/UCE/Foundational_Visibility/Incident_management/Reconstructing_a_website_defacement" rel="internal">Reconstructing a website defacement</a></li> </ul> </div><div mt-section-origin="Data_Descriptors/Antivirus_and_antimalware_data" class="mt-section" id="section_3"><span id="Use_cases_for_Splunk_security_products"></span><h2 class="editable">Use cases for Splunk security products</h2> <ul> <li><a title="Triaging Crowdstrike malware data" href="https://lantern.splunk.com/Security/UCE/Foundational_Visibility/Incident_management/Triaging_Crowdstrike_malware_data" rel="internal">Triaging Crowdstrike malware data</a><span style="display:none;"> </span></li> </ul> </div></div> </div> </div> <div class="mt-content-footer"> <p> </p> </div> <ol class="grape-meta-data grape-meta-article-navigation"> <li class="grape-back-to-top"><a class="mt-icon-back-to-top" href="#title" id="mt-back-to-top" title="Jump back to top of this article">Back to top</a></li> <li class="grape-article-pagination"><ul class="mt-article-pagination"> <li class="mt-pagination-previous"> <a class="mt-icon-previous-article" 
href="https://lantern.splunk.com/Data_Descriptors" title="Data Descriptors"><span>Data Descriptors</span></a> </li> <li class="mt-pagination-next"> <a class="mt-icon-next-article" href="https://lantern.splunk.com/Data_Descriptors/Application_data" title="Application data"><span>Application data</span></a> </li> </ul> </li> </ol> </div> </div> <div class="grape-footer grape-wrapper"> <div class="grape-wrapper-container"> <ol> <li class="grape-footer-copyright">© Copyright 2024 Splunk Lantern</li> <li class="grape-footer-powered-by"><a href="https://mindtouch.com/demo" class="mt-poweredby product " title="MindTouch" target="_blank"> Powered by CXone Expert <span class="mt-registered">®</span> </a></li> </ol> </div> </div> <div class="grape-footer-custom"> <div class="content-seperator-top"><p></p></div><div class="footer-wrapper"><footer><div class="footer-content-wrapper"><div class="footer-content-column"><div class="base-content"><div class="logo-container"><img src="/@api/deki/files/4014/Cisco-Splunk-Small-Transparent.png?origin=mt-web</div>" alt="" /></div><div class="social-icon-container"><ul class="social-icon-list"><li class="social-icon-list-item"><a target="_blank" href="https://twitter.com/splunk" rel="external noopener nofollow" class="mt-icon-twitter4 link-https"></a></li><li class="social-icon-list-item"><a target="_blank" href="https://www.facebook.com/splunk" rel="external noopener nofollow" class="mt-icon-facebook6 link-https"></a></li><li class="social-icon-list-item"><a target="_blank" href="https://www.linkedin.com/company/splunk" rel="external noopener nofollow" class="mt-icon-linkedin2 link-https"></a></li><li class="social-icon-list-item"><a target="_blank" href="https://www.youtube.com/user/splunkvideos" rel="external noopener nofollow" class="mt-icon-youtube link-https"></a></li><li class="social-icon-list-item"><a target="_blank" href="https://www.instagram.com/splunk/" rel="external noopener nofollow" class="mt-icon-instagram3 
link-https"></a></li></ul></div></div><div class="copyright-content"><p>© 2005-2024 Splunk LLC All rights reserved.</p></div><div class="sitemap-content"><div class="sitemap-item"><a target="_blank" href="https://www.splunk.com/en_us/legal.html" rel="external noopener nofollow" class="link-https">Legal</a></div><div class="sitemap-item"><a target="_blank" href="https://www.splunk.com/en_us/legal/patents.html" rel="external noopener nofollow" class="link-https">Patents</a></div><div class="sitemap-item"><a target="_blank" href="https://www.splunk.com/en_us/legal/privacy/privacy-policy.html" rel="external noopener nofollow" class="link-https">Privacy</a></div><div class="sitemap-item"><a target="_blank" href="https://www.splunk.com/en_us/site-map.html" rel="external noopener nofollow" class="link-https">Sitemap</a></div><div class="sitemap-item"><a target="_blank" href="https://www.splunk.com/en_us/legal/terms/terms-of-use.html" rel="external noopener nofollow" class="link-https">Website Terms of Use</a></div></div></div></div></footer></div> <script type="text/javascript">/*<![CDATA[*/ const articleTitleContainer = document.querySelector(".elm-content-container header"); const articleTextContainer = document.querySelector("section.mt-content-container"); const sideNav = document.querySelector("aside.mt-content-side"); const burger = document.getElementById("side-nav-toggle-container"); function toggleSideNav() { articleTitleContainer.classList.toggle("side-nav-open"); articleTextContainer.classList.toggle("side-nav-open"); sideNav.classList.toggle("side-nav-open"); burger.classList.toggle("close"); } burger.addEventListener("click", toggleSideNav);/*]]>*/</script> <ol id="custom-classification-list" class="elm-meta-data elm-meta-bottom"></ol> <script type="text/javascript">/*<![CDATA[*/ document.addEventListener("DOMContentLoaded", function(event) { var pageTitle = document.getElementById("title"); var classifications = 
document.querySelector(".elm-classifications"); var listContainer = document.getElementById("custom-classification-list"); if (classifications) { var clone = classifications.cloneNode(true); listContainer.appendChild(clone); insertAfter(listContainer, pageTitle); var classificationsTop = document.querySelector("#custom-classification-list .elm-classifications"); var yesArr = classificationsTop.children; var check = checkClass(yesArr); console.log(check); if (check === 0) { listContainer.style.display = "none"; } else { listContainer.style.display = "block"; } } }); function insertAfter(newNode, existingNode) { existingNode.parentNode.insertBefore(newNode, existingNode.nextSibling); } function checkClass(arr) { var number = 0; for (var i =0; i < arr.length; i++) { var names = arr[i].classList; if (names[1].includes("mt-classification-technical-app-") || names[1].includes("mt-classification-technical-addon-") || names[1].includes("mt-classification-applied-product-")) { number++; } } return number; }/*]]>*/</script> </div> <script>/*<![CDATA[*/ dataLayer.push({"Pro_Member":seated}) /*]]>*/</script> <script>/*<![CDATA[*/ dataLayer.push({event:"Demandbase_Loaded"}); /*]]>*/</script> <script>/*<![CDATA[*/ /* * Hide default searchbar. 
* Show search bar only in default search page */ if (window.location?.pathname !== "/Special:Search") { const searchbarContainer = document.getElementsByClassName("elm-global-search"); if (searchbarContainer && searchbarContainer[0]) { searchbarContainer[0].replaceChildren(); } } /* * Set header background color to transparent * when user is in search page * In search page there is no search bar, then we can hide this header */ if (window.location?.pathname === "/Search") { const header = document.getElementsByClassName("elm-header-user-nav elm-nav"); if (header && header[0]) { header[0].style.backgroundColor = "transparent"; } } /*]]>*/</script> <script>/*<![CDATA[*/ /* * Render IT search bar component * Render in al locations different than new Search page */ if (window.location?.pathname !== "/Search") { const customThemeDefault = ` #sui-id-search-box-input-wrapper input { max-width: 100%; } `; const getSearchBarConfig = () => { return { env: "prod", language: "en", showSearchButton: false, searchBarRedirectUrl: "/Search", }; }; function renderSplunkSearchBarComponent() { const container = document.getElementById("ui-search-bar-container"); const headerContainer = document.getElementsByClassName("elm-global-search"); if (container) { const cc = document.createElement("wplt-search-bar-web-component"); cc.config = { ...getSearchBarConfig(), customTheme: customThemeDefault }; container.replaceChildren(cc); } if (headerContainer && headerContainer[0]) { const cc = document.createElement("wplt-search-bar-web-component"); cc.config = getSearchBarConfig(); headerContainer[0].replaceChildren(cc); } } } else { function renderSplunkSearchBarComponent() {} } /*]]>*/</script> <script defer="defer" onload="renderSplunkSearchBarComponent()" src="https://d38eume8qu1hmc.cloudfront.net/1.1.48/searchBar.js" type="text/javascript"></script> <script>/*<![CDATA[*/ /* * Render ITs Search component * Render only in search page */ if (window.location?.pathname === "/Search") { const 
getSearchConfig = () => { return { env: "prod", shouldClearFiltersOnNewSearch: false, language: "en", sideContentItems: "source_name_s,article_content_area_s,datePicker", analyticsConfig: { applicationName: "lantern", }, disclaimerSettings: { disableDisclaimer: true, }, initialFilters: [ { name: "source_name_s", value: ["Lantern"], type: "any", }, ], }; }; function renderSplunkSearchComponent() { const container = document.getElementById("ui-search-container"); if (container) { const cc = document.createElement("wplt-search-web-component"); cc.config = getSearchConfig(); container.replaceChildren(cc); } } } else { function renderSplunkSearchComponent() {} } /*]]>*/</script> <script defer="defer" onload="renderSplunkSearchComponent()" src="https://d38eume8qu1hmc.cloudfront.net/1.1.48/search.js" type="text/javascript"></script> <style>/*<![CDATA[*/ .elm-global-search { width: 50%; } /*]]>*/</style> </body> </html>