danielpwilson

EICAR Testing with Splunk

Need to provide evidence that your malware response on Linux is ready? Read on!

This TA randomly places the EICAR test file in common malware locations on the Linux file system and logs each change-out. This is useful for testing blue/purple team detection on the Linux platform, and it also gives auditors evidence of incident response capability.

This saved the day in our PCI audit last year. The logs created a clear historical record of incidents that we could easily compare against our SOC responses.
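To show what such a scripted input boils down to, here is an added example in POSIX sh. It is not the TA's own code: the candidate directory list, the file naming, and the key=value log format are my assumptions, chosen so that Splunk's automatic field extraction picks up the `action`, `path`, `host` and `user` fields without a custom props.conf. The EICAR string itself is the standard 68-byte test file.

```shell
#!/bin/sh
# Added example (not the TA's code): drop the EICAR test file into one of
# several candidate directories and emit one key=value event per action.
# Directory list, file name pattern and log format are assumptions.

# The standard 68-byte EICAR test string. Single quotes keep $, !, ^ and
# the backslash literal so the shell does not expand anything.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Assumed drop locations (space separated). place_eicar accepts an
# alternative list as its first argument so tests can stay out of /tmp.
DEFAULT_DIRS="/tmp /var/tmp /dev/shm $HOME"

# Emit one event: ISO-8601 UTC timestamp first, then key=value pairs.
# $1 = action, $2 = path
log_event() {
    printf '%s action=%s path="%s" host=%s user=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$(uname -n)" "$(id -un)"
}

# Pick one entry at random from a space-separated list. awk is POSIX;
# $RANDOM is not available in dash.
pick_dir() {
    set -- $1
    i=$(awk -v n="$#" 'BEGIN { srand(); print int(rand() * n) + 1 }')
    shift $((i - 1))
    printf '%s\n' "$1"
}

# Write the test file into a random candidate directory, log it, and
# export the chosen path in EICAR_PATH. Returns non-zero if the directory
# is missing or not writable, so the caller can log the failure instead.
place_eicar() {
    dir=$(pick_dir "${1:-$DEFAULT_DIRS}")
    [ -d "$dir" ] && [ -w "$dir" ] || return 1
    EICAR_PATH="$dir/eicar-$(date +%s)-$$.com"
    printf '%s' "$EICAR" > "$EICAR_PATH" || return 1
    log_event placed "$EICAR_PATH"
}

# Remove the placed file and log it. If the file is already gone, that is
# itself a result worth recording: an AV agent most likely quarantined it.
remove_eicar() {
    if [ -e "$1" ]; then
        rm -f "$1" && log_event removed "$1"
    else
        log_event already_gone "$1"
    fi
}

# Stand-alone run: place the file, give the endpoint agent a moment to
# react, then clean up. Only run when executed directly, not when sourced.
if [ "${0##*/}" = "eicar_drop.sh" ]; then
    place_eicar && sleep 30 && remove_eicar "$EICAR_PATH"
fi
```

Run it as a Splunk scripted input on an interval and the `placed` / `removed` / `already_gone` events line up with whatever the endpoint agent reports. A search such as `action=placed NOT [search action=removed | fields path]` then shows drops that were never cleaned up by the script, which is the quickest way to spot the ones the AV got to first.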

Learn more about EICAR here -

Download and tweak the app here -
