Security

Can you hide the Splunk Forwarder service to combat exploit kit modules?

joeldavideng
Path Finder

I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included) and wanted to know if I could hide the Splunk service on my endpoints. The modules do simple string searches for service names so renaming the Splunk Forwarder service to something innocuous would do the trick. Does anyone know how to do this on Windows and Linux hosts without breaking Splunk?

Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...