anti virus status on linux servers

rashid47010 · ‎03-21-2019

There are serveral linux/unix/suse servers where antivirus solution is not installed.
what is the query to get the list of unix servers where antivirus solution is not installed.

lakshman239 · ‎03-25-2019

In that case, you can install Splunk Add on for linux and use a scripted input [look at default/inputs.conf] to monitor all the processes [ e.g. AV] . You can then write a search to find out which host has AV process or not.

lakshman239 · ‎03-21-2019

Do you store the AV logs in any splunk index, that can show on which hosts it has installed AV solution? If yes, we can look at that and compare against your list of all servers.

rashid47010 · ‎03-23-2019

thats good idea, but I am thinking in different direction. we have the logs that which services are running on unix servers. so if AV service is running

OR if there is some script to check AV status on servers and write the logs in messages. from messages we can get the 100% authentic logs.

because you know asset modeling is always dynamic specially where most of the machines are VM.

anti virus status on linux servers

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?