
FortiGate Add-On for Splunk logs encrypted passwords?

guarisma
Contributor

We are seeing logs like this that might contain a base64-encoded encrypted password, and we would like to know if it is a risk to leave this in Splunk, since we don't know how strong this encryption is, and whether it is possible to remove it from the source or whether we should make a filter in a transforms to discard this information:

Dec  9 15:54:07 10.X.Y.Z date=2020-12-09 time=15:54:08 devname="FORTIGATE" devid="FG100" logid="0100044547" type="event" subtype="system" level="information" vd="root" eventtime=1607547248698893780 tz="-0500" logdesc="Object attribute configured" user="admin" ui="GUI(10.X.Y.Z)" action="Add" cfgtid=10289326 cfgpath="user.local" cfgobj="USER" cfgattr="type[password]passwd[ENC JcB/fAvi7lxawB9OqPN2t8WE4MnLXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXvmv1EMRzPZPdMAhWppDbaqNyr1tGx5eDmxg==]" msg="Add user.local USER"
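
One way to check a masking pattern against events like the one above before putting it into a filter, as an added example that is not part of the original post or of the add-on's code. It goes slightly beyond `passwd` and masks any `name[ENC ...]` value; the function names, sample events and ciphertext are constructed for illustration.

```python
import re

# A FortiGate config-change event logs encrypted secrets inside cfgattr as
# name[ENC <base64>]. Match the whole bracket so variants are covered too.
ENC_VALUE = re.compile(r'(?P<attr>[\w-]+)\[ENC\s[^\]"]*\]')
MASK = r'\g<attr>[ENC REDACTED]'

def redact(line):
    """Return (line with ciphertext masked, number of values masked)."""
    return ENC_VALUE.subn(MASK, line)

def redact_all(lines):
    """Mask every line; return cleaned lines and how many events changed."""
    cleaned, changed = [], 0
    for line in lines:
        out, hits = redact(line)
        cleaned.append(out)
        changed += 1 if hits else 0
    return cleaned, changed

# Constructed sample events (the ciphertext is made up, not from a device).
FAKE_CT = "Q09OU1RSVUNURUQrc2FtcGxlL3ZhbHVl=="
SAMPLES = [
    'date=2020-12-09 time=15:54:08 devname="FORTIGATE" type="event" '
    'subtype="system" logdesc="Object attribute configured" user="admin" '
    'action="Add" cfgpath="user.local" cfgobj="USER" '
    f'cfgattr="type[password]passwd[ENC {FAKE_CT}]" msg="Add user.local USER"',
    'date=2020-12-09 time=15:55:10 devname="FORTIGATE" type="event" '
    'subtype="system" logdesc="Admin login successful" user="admin"',
]

if __name__ == "__main__":
    # Print the events as they would look after masking.
    for line in redact_all(SAMPLES)[0]:
        print(line)
```

The same pattern, with a numbered group in place of the named one, can be carried into an index-time `SEDCMD` in props.conf for the sourcetype the FortiGate data arrives under.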

 
