Internet scan found virus:
Folder: SMTP Messages\<direction>
Message: <snippet from start of body>
File: <location of virus>
Incident: <virus name>
This event is generated by Sybari Antigen when it finds a virus. <direction> is Inbound, Outbound, or Internal, depending on which mail queue the virus was found in. <virus name> is either the name of the virus found or, when the mail message matched one of the keyword or spam block lists, the offending keyword. <state> (not shown in the message layout above) is either "Purged" or "Quarantined", depending on the options selected in Antigen.
Anne Jan Elsinga
“ExceedinglyNested” is the value Antigen returns when it encounters a compressed file that contains more than the pre-set number of nested compressed files. This value is set to 5 by default but may be changed in the registry setting "MaxNestedCompressedFiles". See the Sybari Knowledge Base for more details.
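As an added illustration of the event layout described above and of the "ExceedinglyNested" incident value from the comment (this is example code, not part of the EventID.Net page and not Sybari's or Splunk's own code), the parser below splits an Antigen "Internet scan found virus" event body into its fields, validates the <direction> value, and keeps nested-compression-limit events out of the malware counts when summarizing. The sample event bodies are constructed for this example; the assumption that each field occupies a single line is a simplification.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Direction values the event description lists for the <direction> placeholder.
DIRECTIONS = ("Inbound", "Outbound", "Internal")

# Incident value Antigen reports when an archive exceeds the nested-compression
# limit (registry value MaxNestedCompressedFiles, default 5). It is a scan
# limit, not a malware name, so reports should count it separately.
NESTED_LIMIT_INCIDENT = "ExceedinglyNested"

# "Folder: SMTP Messages\<direction>" -- the direction is the last path component.
_FOLDER_RE = re.compile(r"^SMTP Messages\\(?P<direction>\w+)$")

# Fields the event body must carry, per the message layout on this page.
REQUIRED_FIELDS = ("Folder", "Message", "File", "Incident")


@dataclass(frozen=True)
class AntigenEvent:
    direction: str
    message: str
    file: str
    incident: str

    @property
    def is_nested_limit(self) -> bool:
        """True when the event records the archive-depth limit, not a detection."""
        return self.incident == NESTED_LIMIT_INCIDENT


def parse_antigen_event(body: str) -> AntigenEvent:
    """Parse one 'Internet scan found virus' event body into its fields.

    Assumes each field occupies one line (a simplification for this example).
    Raises ValueError when the body does not follow the documented layout, so a
    collector can route unparseable events to review instead of dropping them.
    """
    lines = [ln.strip() for ln in body.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != "Internet scan found virus:":
        raise ValueError("not an Antigen 'Internet scan found virus' event")

    fields = {}
    for ln in lines[1:]:
        # Split on the first colon only: the Message snippet and Windows
        # paths (C:\...) legitimately contain further colons.
        key, sep, value = ln.partition(":")
        if not sep:
            raise ValueError(f"malformed field line: {ln!r}")
        fields[key.strip()] = value.strip()

    missing = [f for f in REQUIRED_FIELDS if f not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")

    m = _FOLDER_RE.match(fields["Folder"])
    if m is None or m.group("direction") not in DIRECTIONS:
        raise ValueError(f"unexpected Folder value: {fields['Folder']!r}")

    return AntigenEvent(m.group("direction"), fields["Message"],
                        fields["File"], fields["Incident"])


def is_valid_event(body: str) -> bool:
    """Does the body parse under the documented layout?"""
    try:
        parse_antigen_event(body)
    except ValueError:
        return False
    return True


def summarize(bodies) -> dict:
    """Count detections per direction; nested-limit events are tallied apart
    so they do not inflate the malware numbers in a report."""
    detections: Counter = Counter()
    nested_limit: Counter = Counter()
    for body in bodies:
        ev = parse_antigen_event(body)
        bucket = nested_limit if ev.is_nested_limit else detections
        bucket[ev.direction] += 1
    return {"detections": dict(detections), "nested_limit": dict(nested_limit)}


# Constructed sample event bodies (not from a real server); names, paths and
# message snippets are made up for illustration.
SAMPLE_EVENTS = [
    "Internet scan found virus:\nFolder: SMTP Messages\\Inbound\n"
    "Message: Re: your invoice is attached\n"
    "File: C:\\Antigen\\Quarantine\\invoice.exe\nIncident: EICAR-Test-File",
    "Internet scan found virus:\nFolder: SMTP Messages\\Outbound\n"
    "Message: Limited time offer, act now\n"
    "File: C:\\Antigen\\Quarantine\\offer.eml\nIncident: act now",
    "Internet scan found virus:\nFolder: SMTP Messages\\Internal\n"
    "Message: quarterly archive\n"
    "File: C:\\Antigen\\Quarantine\\archive.zip\nIncident: ExceedinglyNested",
    "Internet scan found virus:\nFolder: SMTP Messages\\Inbound\n"
    "Message: photos from the trip\n"
    "File: C:\\Antigen\\Quarantine\\photos.scr\nIncident: EICAR-Test-File",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

The second sample shows the keyword case from the description: the Incident value is the block-list keyword, not a virus name, so downstream rules should not treat every Incident string as a malware identifier.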