Getting Data In

SPLUNK aide.conf exclusions


We are scanning our splunk enterprise instance with AIDE for linux and have a decent set of exclusions defined otherwise it is VERY noisy with findings. We are still getting quite a bit of noise from things like installed apps or add ons in seemingly benign files. Is there a recommended AIDE configuration for Splunk that will focus it only on the 'important' files. We don't want to too broadly just exclude top level directories so if this has been solved, I would love to hear about your aide.conf exclusion settings for splunk.

Labels (3)
0 Karma



you could use Splunk's antivirus configuration as a baseline for aide. See those from

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...