All Apps and Add-ons

Splunk PCI app complaining about insecure port 8543 and 8443 out of JBoss.

cbglobal
New Member

How do I configure the PCI app to consider ports 8543 and 8443 secure?

example
Our DMZ web server runs JBoss and we receive HTTPS 443 from the outside (Internet) to a front-end IIS server, but it communicates on port 8543 or 8443 to the JBoss server. It is secure HTTPS, but on this alternate port.

How can we have Splunk's PCI app recognize this as secure and OK?

Tags (1)
0 Karma

chaoslodge
Explorer

The lookups (ie Interesting_Ports.csv) are indeed where you would teach your instance of the PCI App to work with your environment. You can edit from within the Splunk App or you can find the particular .csv file and edit in Excel or whatever editor you prefer.

Keep in mind, Splunk, wants the UTF-8 encoding when you save to .csv format. Excel will not do this but if you open the saved .csv file from Excel in notepad, you can then change the encoding with the drop down next to the save button.

cbglobal
New Member

I found a place in "interesting ports" that seems to be the correct area to provide port definitions for the PCI app.

0 Karma

hazekamp
Builder

cbglobal,

Can you elaborate where this complaint is coming from. What view/dashboard or alert are you seeing this behavior in?

Thanks,
David

0 Karma
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...