SIEM

Next-Generation Antivirus Use Cases

Grouped by Detection Method

Aggregate Count

• Count of Alarms per Source User
• Count of Alarms per Source System

Blacklist Alert

• Any Server Firing Alarms

Whitelist Alert

Levenshtein Score Alert

Rolling Whitelist Alert

• Newly Observed Virus Scan Signature
• Newly Observed Virus Scan Signature per System/User

Shannon Entropy Score Alert

Threshold Alert

Log Source Examples

Possible False Positives

This site is open source. Improve this page.