Deployment Architecture

FortiGate Add-On for Splunk logs encrypted passwords?

guarisma
Contributor

We are seeing logs like this that might contain a base64 encoded encrypted password and we would like to know if this is a risk of leaving this in Splunk since we don't know how strong this encryption is, and if possible to remove it from the source or should we make a filter in a transforms to discard this information

Dec  9 15:54:07 10.X.Y.Z date=2020-12-09 time=15:54:08 devname="FORTIGATE" devid="FG100" logid="0100044547" type="event" subtype="system" level="information" vd="root" eventtime=1607547248698893780 tz="-0500" logdesc="Object attribute configured" user="admin" ui="GUI(10.X.Y.Z)" action="Add" cfgtid=10289326 cfgpath="user.local" cfgobj="USER" cfgattr="type[password]passwd[ENC JcB/fAvi7lxawB9OqPN2t8WE4MnLXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXvmv1EMRzPZPdMAhWppDbaqNyr1tGx5eDmxg==]" msg="Add user.local USER"

 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...