I've recently indexed Kaspersky Security Center 10 data in Splunk, but the Malware Center in Enterprise Security showed nothing.
I found the following add-on, "TA-kaspersky https://github.com/devBusters/TA-kaspersky", and used it but got nothing.
After that I modified some regex values in it in the following repo, "TA-kaspersky https://github.com/barakat-abweh/TA-kaspersky", on my GitHub. I am still modifying it and managed to get the Malware Center dashboard working, but I am still having some problems with field calculation, e.g. action, category, etc.: anything I do, it keeps showing unknown.
Any help? Or if anyone wants to help in developing the add-on, you are welcome.