Can you hide the Splunk Forwarder service to combat exploit kit modules?

joeldavideng
Path Finder

I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included), and wanted to know if I could hide the Splunk service on my endpoints. The modules do simple string searches for service names, so renaming the Splunk Forwarder service to something innocuous would do the trick. Does anyone know how to do this on Windows and Linux hosts without breaking Splunk?
