Scheduled Task Monitoring
uberAgent ESA monitors changes to Windows scheduled tasks. Whenever a task is created, updated, or deleted, uberAgent generates an event with all available details. This includes properties that are not displayed in the Windows Task Scheduler UI, such as COM actions or custom triggers.
uberAgent ESA scheduled task monitoring is enabled or disabled through the on-demand metric
ScheduledTaskMonitoring. In the default configuration, scheduled task monitoring is enabled.
ESA scheduled task monitoring events are assigned the sourcetypes:
Please see the metrics documentation for a description of the fields.
ESA scheduled task monitoring events are visualized in the Scheduled Tasks dashboard which is part of the
uberAgent_ESA Splunk searchhead app.