Splunk Enterprise Security

can some one help which CIM model maps to below event

vikram1583
Explorer

can you see if these events can fit into the Malware data model
LogName=Application
SourceName=Trend Micro OfficeScan Server
EventCode=800
EventType=3
Type=Warning
ComputerName=XXXXXXX.XXXXXX.com
User=NOT_TRANSLATED
Sid=S-1-5-18
SidType=0
TaskCategory=System
OpCode=None
RecordNumber=432219
Keywords=Classic
Message=C&C callback detected

Compromised Host: XXXXXX-XX93

IP Address: XX.XXX.19.XX

Domain: XXX prod-dba\

Date/Time: 1/2/2020 10:22:27

Callback address: xx.xxx.xx.43

C&C risk level: Dangerous

C&C list source: Relevance Rule
Action: Logged

0 Karma

kchamplin_splun
Splunk Employee
Splunk Employee
0 Karma

woodcock
Esteemed Legend

Yes, that event should be in the Malware datamodel.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...