Help in Creating Malware Dataset and Report

Forum|Forum|10 years ago
November 11, 2015
1 reply
3903 views

help! I want to consolidate the 3 datasets below to create 1 report for malware.

Report should look like tihs:

Source IP | destination IP | Count | Virus name

Malware Source

chart - top malware sources [size="2"]dataset - threat-top-virus-source[/size]

Malware Victims chart - Top Virus victims [size="2"]dataset - utm-top-virus-user[/size]

Malware Detected chart - Top Malware [size="2"]dataset - utm-Top-Virus[/size]

aidotta

New Member

Dear abe_dr,

I don't know if you have found how to create the dataset, if not and you still need it here is the code to put inside the dataset: select virus, max(virusid_s) as virusid, (case when virus like 'Riskware%' then 'Spyware' when virus like 'Adware%' then 'Adware' else 'Virus' end) as malware_type, attacker, victim, sum(totalnum) as totalnum from ###(select virus, virusid_to_str(virusid, eventtype) as virusid_s, srcip as victim, ipstr(`dstip`) as attacker, count(*) as totalnum from $log where $filter and (eventtype is null or logver>=502000000) and nullifna(virus) is not null group by virus, virusid_s, attacker, victim /*SkipSTART*/order by totalnum desc/*SkipEND*/)### t group by virus, malware_type, attacker, victim order by totalnum desc

Result:

virus virusid malware_type attacker victim totalnum

HTML/yyyy xxxxxx Virus xx.xx.xx.xxx xxx.xxx.xxx.xxx x

Bye Aido

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded