EICAR Testing with Splunk
Need to provide evidence that your malware response on Linux is ready? Read on!
This TA randomly places the EICAR test file in common malware drop locations on the Linux file system and logs any change to it. This is helpful for testing your blue/purple team detection on the Linux platform, and it provides evidence of incident response capability to auditors as well.
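As an added illustration (not the TA's own code), a POSIX shell sketch of the same cycle: plant the EICAR string in a randomly chosen directory, check whether the scanner removed or altered it, and write key=value log lines a Splunk forwarder can index. The directory list, wait time and log path are assumptions, not values taken from the TA.

```shell
#!/bin/sh
# Added example, not the Splunkbase TA's code: plant the EICAR test file in a
# random directory, give the scanner time to react, and log each step as
# key=value lines for Splunk. Directory list, wait and log path are assumptions.
EICAR_STRING='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
EICAR_DIRS="${EICAR_DIRS:-/tmp /var/tmp /dev/shm}"   # assumed drop locations
EICAR_WAIT="${EICAR_WAIT:-10}"                       # seconds before checking
EICAR_LOG="${EICAR_LOG:-/var/log/eicar_test.log}"    # file a forwarder monitors

# Print one directory chosen at random from the arguments.
pick_dir() {
    i=$(awk -v n="$#" 'BEGIN { srand(); print int(rand() * n) + 1 }')
    eval "printf '%s\n' \"\$$i\""
}

# Write the test file into the given directory and print its path.
plant_eicar() {
    path="$1/.eicar-test-$$.com"
    printf '%s' "$EICAR_STRING" > "$path" || return 1
    printf '%s\n' "$path"
}

# Report what the scanner did: removed, altered (quarantined/truncated) or present.
check_eicar() {
    if [ ! -e "$1" ]; then echo removed
    elif [ "$(cat "$1")" = "$EICAR_STRING" ]; then echo present
    else echo altered
    fi
}

# One line per step, in a form Splunk's automatic key=value extraction parses.
log_event() {
    printf 'time=%s host=%s action=%s path="%s" result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)" "$1" "$2" "$3" >> "$EICAR_LOG"
}

# Full cycle: plant, wait, check, clean up. A "present" result after the wait
# means nothing reacted, which is exactly the gap a blue team needs logged.
run_test() {
    dir=$(pick_dir $EICAR_DIRS)
    path=$(plant_eicar "$dir") || { log_event plant "$dir" write_failed; return 1; }
    log_event plant "$path" ok
    sleep "$EICAR_WAIT"
    result=$(check_eicar "$path")
    log_event check "$path" "$result"
    rm -f "$path"
    printf '%s\n' "$result"
}
```

Run it from cron on the hosts under test and point a Splunk input at `$EICAR_LOG`; a `result=present` on the `check` line is the event to alert on.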
This saved the day in our PCI audit last year. The logs created a clear history of incidents that we could easily compare to our SOC responses.
Learn More about EICAR here -
Download and tweak the app here - https://splunkbase.splunk.com/app/4923/