Here's a dataset to pull in Malware Threat detections from Malwarebytes using Kaseya. This pulls in data from the last 180 days and is formatted for use in BrightGauge 4.0.

-- Malwarebytes threat incidents reported through Kaseya, last 180 days.
SELECT kti.id,
       vm.machname AS 'Machine_Name',
       k.orgname AS client_name,
       vm.groupname AS group_name,
       vm.LoginName AS 'User Logged In',
       kti.ThreatName,
       -- Classify the detection by where the threat path points.
       CASE
           WHEN kti.ThreatPath LIKE 'HK%' THEN 'Registry'
           WHEN kti.ThreatPath LIKE 'C:\%' THEN 'C:_Path_File'
           ELSE 'Other'
       END AS Threat_Type,
       -- Add the server's current local-to-UTC offset (in hours) to the stored timestamp.
       DATEADD(hh, DATEDIFF(hh, GETDATE(), GETUTCDATE()), CAST(kti.TimeStamp AS datetime)) AS 'Date_Detected',
       kti.UserAccount,
       kti.ActionTaken,
       kti.Category,
       -- Server OS families are reported as 'Server'; everything else as 'Workstation'.
       CASE
           WHEN ((vm.OsType = '2000' AND vm.OsInfo NOT LIKE 'Professional%')
                 OR vm.OsType = '2003' OR vm.OsType = '2008' OR vm.OsType = '2012') THEN 'Server'
           ELSE 'Workstation'
       END AS 'Machine Type'
FROM kam.KamThreatIncidents kti
INNER JOIN vMachine vm
        ON vm.agentGuid = kti.agentGuid
INNER JOIN machGroup mg
        ON mg.reverseName = vm.groupName
INNER JOIN kasadmin.org k
        ON k.id = mg.orgFK
WHERE DATEDIFF(dd, kti.TimeStamp, CURRENT_TIMESTAMP) <= 180

Comments

  • If you want to create a gauge from this to check for Superfish, try the following filter:

    threatname like %Superfish%
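A server-side variant of the dataset and the Superfish filter above, as an added example that is not part of the original post or comment: it rolls the matching incidents up to one row per machine and threat, so a machine that keeps being re-detected on different days stands out. It uses only the tables and columns from the query above; `@ThreatPattern` and `@DaysBack` are hypothetical parameters introduced here and can be replaced with literals.

```sql
-- Added example (not from the original post): per-machine roll-up of detections
-- whose threat name matches a pattern. @ThreatPattern and @DaysBack are
-- hypothetical parameters; tables and columns are those of the dataset query.
DECLARE @ThreatPattern nvarchar(200) = N'%Superfish%';
DECLARE @DaysBack int = 180;

SELECT k.orgname    AS client_name,
       vm.groupname AS group_name,
       vm.machname  AS Machine_Name,
       kti.ThreatName,
       COUNT(*) AS Detections,
       -- More than one distinct day means the threat was detected again later.
       COUNT(DISTINCT CAST(CAST(kti.TimeStamp AS datetime) AS date)) AS Days_Detected,
       MIN(CAST(kti.TimeStamp AS datetime)) AS First_Detected,
       MAX(CAST(kti.TimeStamp AS datetime)) AS Last_Detected
FROM kam.KamThreatIncidents kti
INNER JOIN vMachine vm
        ON vm.agentGuid = kti.agentGuid
INNER JOIN machGroup mg
        ON mg.reverseName = vm.groupName
INNER JOIN kasadmin.org k
        ON k.id = mg.orgFK
WHERE kti.ThreatName LIKE @ThreatPattern
  -- Same day-based window as the original dataset.
  AND DATEDIFF(dd, kti.TimeStamp, CURRENT_TIMESTAMP) <= @DaysBack
GROUP BY k.orgname,
         vm.groupname,
         vm.machname,
         kti.agentGuid,   -- keeps machines with identical names apart
         kti.ThreatName
ORDER BY Last_Detected DESC;
```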