Security

Are there any security vulnerability check reports done by Splunk?

Tristan9608
Engager

Hi,

My customer have configured Splunk to get the data in from "GitHub audit log stream" with Http Event Collector installed in their DMZ Server(with 8088 port open to the outside internet), Which forwards the data to another Splunk server within their secure server with only 9997, 8000 and 8088 port opened.

But, in order to open 8088 port from DMZ Server, they have to complete their Security Vulnerability Check. 

The problem is that the check returned with various security vulnerabilities, and that prevents them to open the port.

the vulnerabilities returned is as below.

phpPgAdmin redirect.php URL redirection
Spring Boot Actuator endpoint exposed
Missing "Content-Security-Policy" header
Sensitive Authentication (Basic) Information Leakage
Missing HttpOnly attribute in session cookie
Cookies with insecure, incorrect or missing SameSite attributes
Discover compressed directories
Unnecessary Http response headers were found in the application
Include sensitive session information in persistent cookies
Discovery of web application source code exposure patterns
host header injection

Are there any security vulnerability check reports done by Splunk? or some way to solve this vulnerability?

Thank you in advance.

 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...