Comments (6)
kulcsari
commented on June 20, 2024
Hi,
Here is the list:
GNRL_EV_FULLSCAN_STATUS_NOTIFICATION
GNRL_EV_OBJECT_BLOCKED
GNRL_EV_OBJECT_CURED
KLAUD_EV_OBJECTMODIFY
KLAUD_EV_SERVERCONNECT
KLNAG_EV_INV_OBS_APP_UNINSTALLED
KLNAG_EV_PATCH_INSTALLED_SUCCESSFULLY
KLNAG_EV_PATCH_INSTALL_STARTING
KLSRV_HOST_MOVED_WITH_RULE_EX
KLSRV_HOST_STATUS_CRITICAL
KLSRV_HOST_STATUS_WARNING
KLSRV_INVISIBLE_HOSTS_REMOVED
KLSRV_RUNTIME_ERROR
I didn't found so far a guide to the meanings of this.
from ta-kaspersky.
diogofgm
commented on June 20, 2024
Me neither when I was building the TA.
Can you send me a sanitised example of an event for each one of those? There are a few that I think might be related to the system but others might be related to malware detection.
from ta-kaspersky.
kulcsari
commented on June 20, 2024
Hi,
I will, but unfortunately, it will take time because of my other tasks.
Off: Do you plan to check CEF format sending? There is some interference with CEF header and malware CIM model fields... (Siganture, signature_id, etc)... But without kapsersky experience or guide, not an easy task for me...
from ta-kaspersky.
diogofgm
commented on June 20, 2024
No problem. I also have my own work to do.
In newer versions of KSC there is an option for sending logs with a "splunk format" which looks like CEF. If I recall correctly, there just few changes I would need to do. But yes, im considering updating the TA to extract the fields if the CEF format is being used.
I'm not an expert on Kaspersky either but its just a matter of making sense of the data.
Just a remark: for any other issue, enhancement, suggestion you might have, open an issue here so I can have them tracked and closed after they are done.
from ta-kaspersky.
diogofgm
commented on June 20, 2024
Thanks Istvan for the file. I'll take a look at this and update the TA
from ta-kaspersky.
diogofgm
commented on June 20, 2024
The reworked version available in Splunkbase addresses all the missing sourcetype renaming.
from ta-kaspersky.
Related Issues (11)
- splunk enterprise security HOT 13
- Signature field coverage
- Build sourcetype for syslog
- Fields are not renamed to follow CIM HOT 4
- Build extractions for CEF format HOT 1
- can't see anything related to CEF HOT 1
- I've used the addon but malware center is showing nothing HOT 7
- regex issues HOT 1
- Problem extracting data (Fields related) HOT 15
- Any Graph not shown data HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ta-kaspersky.