Scheduled Task Monitoring
uberAgent ESA monitors changes to Windows scheduled tasks. Whenever a task is created, updated, or deleted, uberAgent generates an event with all available details. This includes properties that are not displayed in the Windows Task Scheduler UI, such as COM actions or custom triggers.
Configuration
uberAgent ESA scheduled task monitoring is enabled or disabled through the on-demand metric ScheduledTaskMonitoring
. In the default configuration, scheduled task monitoring is enabled.
Metadata
Sourcetype
ESA scheduled task monitoring events are assigned the sourcetypes:
uberAgentESA:System:ScheduledTasks
uberAgentESA:System:ScheduledTaskActions
uberAgentESA:System:ScheduledTaskTriggers
Please see the metrics documentation for a description of the fields.
Visualization
ESA scheduled task monitoring events are visualized in the Scheduled Tasks dashboard which is part of the uberAgent_ESA
Splunk searchhead app.