Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
Warning

This app is archived. App archiving documentation

TA-eicar app icon

TA-eicar

Need to provide evidence that your malware response on Linux is ready? Read on!

Built by
splunk product badge
Latest Version 1.0.0
March 14, 2020
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x, 3.x
Rating

0

(0)

Log in to rate this app
Support
TA-eicar support icon
Not Supported
Need to provide evidence that your malware response on Linux is ready? Read on! This TA randomly places the EICAR test file on common malware locations on the Linux file system and logs it's change out. This is helpful in testing your blue/purple team detection on the Linux platform. Provides evidence of incident response ability to auditors as well. This saved the day in our PCI audit last year. The logs created a clear historical of incidents which we could easily compare to our SOC responses. Learn More about EICAR here - https://en.wikipedia.org/wiki/EICAR_test_file

Categories

Security, Fraud & Compliance

Created By

Daniel Wilson

Type

addon

Downloads

342

Licensing

End User License Agreement for Third-Party Content(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing