Searching for Kaspersky Scan Engine events in Splunk

March 5, 2024

ID 220782

Searching for object scan results

To display events containing object scan results, use the following search query:

source="scanengine" "Scan result" msg=*scan* | eval cs2=coalesce(cs2,"-") | rename cs1 as "Scan Result", cs2 as "Virus Name", fname as "Object", src as "Source Address", fileHash as "Object Hashsum" | table _time, "Object Hashsum", Object, "Scan Result", "Virus Name", "Source Address"

Kaspersky Scan Engine object scan search form and search results.


Searching for URL check results

To display events containing URL check results, use the following search query:

source="scanengine" "Scan result" msg=URL* | rename cs1 as "Scan Result", request as "Scanned URL", src as "Source Address" | table _time, "Scanned URL", "Scan Result", "Source Address"

Kaspersky Scan Engine URL check search form and search results.

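The following is an added example, not part of the Kaspersky article: a plain Python model of both searches above (filter on "Scan result" and msg, coalesce cs2 to "-", rename to the table columns), so the effect of each query step can be checked offline. It assumes Scan Engine events arrive as CEF-style key=value extensions using the field names the queries reference; the sample events and header values are constructed.

```python
import re

# Constructed sample events (not real Scan Engine output); header values other
# than vendor/product are placeholders. Extension fields are the ones the
# Splunk queries use: cs1, cs2, fname, src, fileHash, request, msg.
EVENTS = [
    "CEF:0|Kaspersky|Scan Engine|0.0|1|Scan result|5|cs1=Detected cs2=Test-Object "
    "fname=/upload/sample.bin src=10.0.0.5 fileHash=0123456789abcdef0123456789abcdef msg=Object scan finished",
    "CEF:0|Kaspersky|Scan Engine|0.0|1|Scan result|1|cs1=Clean fname=/upload/report.pdf "
    "src=10.0.0.7 fileHash=fedcba9876543210fedcba9876543210 msg=Object scan finished",
    "CEF:0|Kaspersky|Scan Engine|0.0|2|Scan result|5|cs1=Malicious "
    "request=http://example.invalid/path src=10.0.0.9 msg=URL check finished",
    "CEF:0|Kaspersky|Scan Engine|0.0|3|Service status|1|msg=Service started",
]
# key=value pairs; a value runs until the next " key=" or the end of the string
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

def parse_extension(raw):
    """Return the CEF extension (text after the 7th '|') as a field dict."""
    return dict(FIELD_RE.findall(raw.split("|", 7)[-1]))

def object_scan_results(events):
    """Object scan query: "Scan result" AND msg=*scan*, then coalesce and rename."""
    rows = []
    for raw in events:
        f = parse_extension(raw)
        # both search terms are case-insensitive in Splunk, hence lower()
        if "scan result" not in raw.lower() or "scan" not in f.get("msg", "").lower():
            continue
        rows.append({                            # _time is supplied by Splunk
            "Object Hashsum": f.get("fileHash", ""),
            "Object": f.get("fname", ""),
            "Scan Result": f.get("cs1", ""),
            "Virus Name": f.get("cs2") or "-",   # eval cs2=coalesce(cs2,"-")
            "Source Address": f.get("src", ""),
        })
    return rows

def url_check_results(events):
    """URL check query: "Scan result" AND msg=URL*, then rename."""
    rows = []
    for raw in events:
        f = parse_extension(raw)
        if "scan result" not in raw.lower() or not f.get("msg", "").lower().startswith("url"):
            continue
        rows.append({"Scanned URL": f.get("request", ""),
                     "Scan Result": f.get("cs1", ""),
                     "Source Address": f.get("src", "")})
    return rows
```

The clean-object event has no cs2 field, so its "Virus Name" column becomes "-" exactly as the coalesce step in the object scan query produces.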
