
Comments (6)

kulcsari commented on June 20, 2024

Hi,
Here is the list:
GNRL_EV_FULLSCAN_STATUS_NOTIFICATION
GNRL_EV_OBJECT_BLOCKED
GNRL_EV_OBJECT_CURED
KLAUD_EV_OBJECTMODIFY
KLAUD_EV_SERVERCONNECT
KLNAG_EV_INV_OBS_APP_UNINSTALLED
KLNAG_EV_PATCH_INSTALLED_SUCCESSFULLY
KLNAG_EV_PATCH_INSTALL_STARTING
KLSRV_HOST_MOVED_WITH_RULE_EX
KLSRV_HOST_STATUS_CRITICAL
KLSRV_HOST_STATUS_WARNING
KLSRV_INVISIBLE_HOSTS_REMOVED
KLSRV_RUNTIME_ERROR

I haven't found a guide to the meanings of these so far.

from ta-kaspersky.

diogofgm commented on June 20, 2024

Me neither when I was building the TA.
Can you send me a sanitised example of an event for each one of those? There are a few that I think might be related to the system but others might be related to malware detection.


kulcsari commented on June 20, 2024

Hi,
I will, but unfortunately, it will take time because of my other tasks.

Off-topic: do you plan to check CEF format sending? There is some interference between the CEF header and the Malware CIM model fields (signature, signature_id, etc.). But without Kaspersky experience or a guide, it is not an easy task for me...


diogofgm commented on June 20, 2024

No problem. I also have my own work to do. 😄
In newer versions of KSC there is an option for sending logs in a "Splunk format" which looks like CEF. If I recall correctly, there are just a few changes I would need to make. But yes, I'm considering updating the TA to extract the fields if the CEF format is being used.
I'm not an expert on Kaspersky either, but it's just a matter of making sense of the data.

Just a remark: for any other issue, enhancement, suggestion you might have, open an issue here so I can have them tracked and closed after they are done.

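Added example (not part of this thread and not code from the ta-kaspersky TA) illustrating the CEF/CIM overlap raised above: a small parser that splits the seven pipe-delimited CEF header fields and the key=value extension while honouring CEF escaping, then maps the header onto Splunk CIM Malware field names and reports, rather than silently overwrites, any extension key that would collide with a header-derived field such as signature. The sample line, device version, host name, user and file path are constructed, and the extension-key-to-CIM mapping is an assumption to be checked against the TA's own props/transforms.

```python
"""Parse a CEF line and map its header onto CIM Malware field names."""
import re

# The seven CEF header fields, in order: CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "device_event_class_id", "name", "severity")

# CEF extension keys -> CIM Malware field names. Assumption for illustration only;
# verify against the CIM version and the TA's transforms actually in use.
EXT_TO_CIM = {"dhost": "dest", "dst": "dest", "suser": "user", "fname": "file_name",
              "fileHash": "file_hash", "act": "action"}


def _unescape(value):
    """Undo CEF extension escaping: \\\\ -> \\, \\= -> =, \\n and \\r -> line breaks."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Return {"header": {...}, "extension": {...}} for one CEF line."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields, buf, i = [], [], 0
    # Walk the header: '|' delimits fields, but '\|' and '\\' are literal characters.
    while i < len(line) and len(fields) < len(HEADER_FIELDS):
        c = line[i]
        if c == "\\" and i + 1 < len(line) and line[i + 1] in "\\|":
            buf.append(line[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    if len(fields) == len(HEADER_FIELDS) - 1:      # no trailing '|' after severity
        fields.append("".join(buf))
    elif len(fields) < len(HEADER_FIELDS):
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    header = dict(zip(HEADER_FIELDS, fields))
    header["version"] = header["version"][len("CEF:"):]
    # Extension: key=value pairs separated by whitespace; '=' inside values is escaped as '\='.
    extension = {}
    for chunk in re.split(r"\s+(?=\w+=)", line[i:].strip()):
        if "=" in chunk:
            key, value = chunk.split("=", 1)
            extension[key] = _unescape(value)
    return {"header": header, "extension": extension}


def to_cim_malware(parsed):
    """Build CIM Malware fields; header-derived fields win and collisions are returned."""
    h, ext = parsed["header"], parsed["extension"]
    cim = {
        "vendor_product": f"{h['device_vendor']} {h['device_product']}",
        "signature_id": h["device_event_class_id"],   # assumption: event class id -> signature_id
        "signature": h["name"],                        # assumption: header Name -> signature
        "severity": h["severity"],
    }
    conflicts = []   # (cim_field, header_value, extension_value)
    for key, value in ext.items():
        name = EXT_TO_CIM.get(key, key)
        if name in cim and cim[name] != value:
            conflicts.append((name, cim[name], value))
            continue
        cim[name] = value
    return cim, conflicts


# Constructed sample line: shows CEF escaping and a colliding 'signature' key;
# it is not Kaspersky's actual output format.
SAMPLE_CEF = (r"CEF:0|Kaspersky Lab|Kaspersky Security Center|0.0|GNRL_EV_OBJECT_BLOCKED|"
              r"Object blocked|5|dhost=ws-017 suser=CORP\\jdoe "
              r"fname=C:\\Users\\jdoe\\Downloads\\invoice.js act=blocked "
              r"signature=Trojan.Test msg=Reason\=heuristic")

if __name__ == "__main__":
    cim_fields, clashes = to_cim_malware(parse_cef(SAMPLE_CEF))
    for k, v in cim_fields.items():
        print(f"{k}={v}")
    print("conflicts:", clashes)
```

Running it shows `signature` reported as a conflict between the header Name ("Object blocked") and the extension key, which is the kind of collision a TA has to resolve explicitly, for example by preferring the extension value for `signature` and keeping the header Name under a separate field.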

diogofgm commented on June 20, 2024

Thanks Istvan for the file. I'll take a look at this and update the TA


diogofgm commented on June 20, 2024

The reworked version available in Splunkbase addresses all the missing sourcetype renaming.


