danielpwilson

EICAR Testing with Splunk

Need to provide evidence that your malware response on Linux is ready? Read on!

This TA randomly places the EICAR test file in common malware locations on the Linux file system and logs the change. This is helpful for testing your blue/purple team detection on the Linux platform, and it provides auditors with evidence of your incident response capability.
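As an added illustration of the approach described above (example code, not the TA's own), the following Python script plants the EICAR file in a randomly chosen directory, reports whether the file has since been quarantined by the endpoint's AV, and renders Splunk-style key=value events for each step; the list of candidate directories is an assumption to adapt to your own estate.

```python
import hashlib
import os
import random
from datetime import datetime, timezone

# The 68-byte EICAR test string, split in two so that this source file is not
# itself flagged by scanners that match on the complete string.
EICAR_BYTES = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}"
               b"$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
EICAR_SHA256 = hashlib.sha256(EICAR_BYTES).hexdigest()

# Assumed list of directories where dropped malware is commonly found on Linux.
DEFAULT_CANDIDATES = ["/tmp", "/var/tmp", "/dev/shm"]

def utc_stamp():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def plant_eicar(candidates=DEFAULT_CANDIDATES, rng=None):
    """Write the EICAR file under a random candidate dir; return an event record."""
    rng = rng or random.SystemRandom()
    # Random directory and file name so detections are not keyed on a fixed path.
    name = "eicar_%08x.com" % rng.getrandbits(32)
    path = os.path.join(rng.choice(candidates), name)
    with open(path, "wb") as fh:
        fh.write(EICAR_BYTES)
    return {"time": utc_stamp(), "action": "planted", "path": path,
            "size": len(EICAR_BYTES), "sha256": EICAR_SHA256,
            "host": os.uname().nodename}

def check_eicar(record):
    """Return 'present', 'altered' or 'removed' for a planted file. Anything but
    'present' shortly after planting is the evidence that AV quarantined it."""
    try:
        with open(record["path"], "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return "removed"
    return "present" if digest == record["sha256"] else "altered"

def remove_eicar(record):
    """Clean up the planted file at the end of a test; return a 'removed' record."""
    if os.path.exists(record["path"]):
        os.remove(record["path"])
    return dict(record, action="removed", time=utc_stamp())

def format_event(record):
    """Render a record as one Splunk key=value line with quoted values."""
    return " ".join('%s="%s"' % (k, v) for k, v in record.items())
```

Run it from a Splunk scripted input on a schedule and index the printed lines; a `removed` or `altered` status following a `planted` event is the timeline an auditor can match against SOC tickets.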


This saved the day in our PCI audit last year. The logs created a clear history of incidents which we could easily compare to our SOC responses.


Learn more about EICAR here - https://en.wikipedia.org/wiki/EICAR_test_file


Download and tweak the app here - https://splunkbase.splunk.com/app/4923/
