topic Re: Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F in Splunk Enterprise Security

Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

jcodjo3 — Thu, 29 Oct 2020 02:32:16 GMT

I tried to log into slunk enterprise and was told by 2 web browsers chrome and edge that the security certificate had expired for the website and that it could be under potential attack. Is this a generic browser message or should this be considered a security risk.

Re: Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

renjith_nair — Thu, 29 Oct 2020 03:09:02 GMT

127.0.0.1 is the loopback IP address aka the localhost. So you installed splunk on the same machine from where you are trying to access. Now you know whether its safe or not 🙂

Re: Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

isoutamo — Thu, 29 Oct 2020 06:38:44 GMT

In this particular case if all connection has done via 127.0.0.1 this is not an issue. But/when there are connections with it's public address then you should fix it by renewing the server's certificate. If you are using Splunk's own (not recommended) then it's usually renewer when you are updating splunk. And when you are using your own/official you must do it by yourself.

r. Ismo