SolarWinds Log & Event Manager (LEM) is a SIEM tool that lets you respond proactively to what is happening on your network. One of its capabilities is monitoring your antivirus software to track whether or not the antivirus solution fully cleans the viruses it detects.
To create a LEM rule that tracks viruses which were not cleaned, clone and enable the Virus Attack – Bad State rule, which tracks the state of virus attacks reported by your antivirus software. The Bad Virus State User-Defined Group defines a bad state as any virus that has not been fully cleaned by your antivirus software: that is, any virus that has been left alone, quarantined, or renamed. The default action for this rule is to generate a HostIncident event, which you can use together with the Incidents report to show auditors that you are auditing the critical events on your network.
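As an added illustration (not LEM's own code or rule syntax), the following script applies the same logic the cloned rule expresses: it parses antivirus events, treats the Bad Virus State outcomes (left alone, quarantined, renamed) as not cleaned, and emits a HostIncident record for each. The log format and field names are assumptions, and the sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# Outcomes the Bad Virus State group treats as "not fully cleaned".
BAD_VIRUS_STATES = {"left alone", "quarantined", "renamed"}

# Constructed sample antivirus log lines in an assumed key=value format
# (the field names are hypothetical, not a real vendor's syslog layout).
SAMPLE_AV_LOG = """\
host=ws-101 virus=Trojan.Generic action=cleaned
host=ws-102 virus=Worm.Sample action=quarantined
host=srv-01 virus=Backdoor.Test action=left alone
host=ws-103 virus=Adware.Demo action=renamed
host=ws-104 virus=Trojan.Generic action=cleaned
this line is not parseable
"""

LINE_RE = re.compile(
    r"host=(?P<host>\S+)\s+virus=(?P<virus>\S+)\s+action=(?P<action>.+)$"
)


@dataclass(frozen=True)
class HostIncident:
    """Stand-in for the HostIncident event the rule would generate."""
    host: str
    virus: str
    state: str


def parse_av_line(line):
    """Return (host, virus, normalised action) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("host"), m.group("virus"), m.group("action").strip().lower()


def bad_state_incidents(log_text):
    """Emit one HostIncident per antivirus event whose outcome is a bad state."""
    incidents = []
    for line in log_text.splitlines():
        parsed = parse_av_line(line)
        if parsed is None:
            continue  # unmatched lines never fire the rule, so they are skipped
        host, virus, state = parsed
        if state in BAD_VIRUS_STATES:
            incidents.append(HostIncident(host, virus, state))
    return incidents


if __name__ == "__main__":
    for inc in bad_state_incidents(SAMPLE_AV_LOG):
        print(f"HostIncident: host={inc.host} virus={inc.virus} state={inc.state}")
```

Running it on the sample log yields three incidents (the quarantined, left-alone and renamed detections); the two cleaned detections produce none.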
The following describes how to configure your antivirus software to log to your SolarWinds LEM appliance and how to set up the appropriate tool on your SolarWinds LEM Manager.