All Apps and Add-ons

Splunk PCI app complaining about insecure port 8543 and 8443 out of JBoss.

cbglobal
New Member

How do I configure the PCI app to consider ports 8543 and 8443 secure?

example
Our DMZ web server runs JBoss and we receive HTTPS 443 from the outside (Internet) to a front-end IIS server, but it communicates on port 8543 or 8443 to the JBoss server. It is secure HTTPS, but on this alternate port.

How can we have Splunk's PCI app recognize this as secure and OK?

Tags (1)
0 Karma

chaoslodge
Explorer

The lookups (ie Interesting_Ports.csv) are indeed where you would teach your instance of the PCI App to work with your environment. You can edit from within the Splunk App or you can find the particular .csv file and edit in Excel or whatever editor you prefer.

Keep in mind, Splunk, wants the UTF-8 encoding when you save to .csv format. Excel will not do this but if you open the saved .csv file from Excel in notepad, you can then change the encoding with the drop down next to the save button.

cbglobal
New Member

I found a place in "interesting ports" that seems to be the correct area to provide port definitions for the PCI app.

0 Karma

hazekamp
Builder

cbglobal,

Can you elaborate where this complaint is coming from. What view/dashboard or alert are you seeing this behavior in?

Thanks,
David

0 Karma
Get Updates on the Splunk Community!

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...

Get ready to show some Splunk Certification swagger at .conf24!

Dive into the deep end of data by earning a Splunk Certification at .conf24. We're enticing you again this ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Now On-Demand Join us to learn more about how you can leverage Service Level Objectives (SLOs) and the new ...