Security

How can I receive Splunk security announcements via email?

stefanlasiewski
Contributor

I see that Splunk 5.0.3 was released a few days ago to resolve some security issues. I was unaware of this security update until my security team informed me of a security notice passed on via CERT.

http://www.splunk.com/page/securityportal tells me that I can receive security alerts via RSS:

Stay up to date on security announcements. Subscribe to our RSS feed to be alerted of new announcements.

In addition, my Splunk installation is not informing me of a new release. There is no mention of any update within the application, anywhere. Splunk does not use yum/RPM repositories for Red Hat Enterprise Linux-derived OSes and does not provide an apt-repository for Debian & Ubuntu OSes, which are other tools that help system administrators with our busy busy work.

I don't use RSS feeds, nor do most people. I manage a hundred different applications, and Splunk is just one of them. I really don't have time to constantly check the website for each and every application to see if an update is available. Normally I have tools such as Yum, apt and email-lists that automate most of this work for me. Email is the standard mechanism that most vendors use for Security Notifications. How can I receive Splunk security alerts via email?

1 Solution

dwolf_splunk
Splunk Employee

Great questions Stefan! Thank you for your ideas and input. Splunk tremendously values and encourages this medium for sharing and realizing the future of the big data scientific community.

First, we agree - stay tuned for the email solution you've requested. We're also exploring other communication mechanisms to unify such messaging across digital channels; we're explicitly discussing each of the tools you've proposed. Your Yum question is in immediate focus, and if there's anywhere else you're listening that Splunk ought to be, please do let us know.

Second, 5.0.x versions of Splunk were not affected, and this may be why you didn't receive an alert within Splunk itself. As an example of in-Splunk notification, a 6.0.2 English-language Splunk should show an alert placard with the message "A new maintenance release of Splunk is here" on the login page. If you're on 6.0.x and not receiving this alert, please confirm the Splunk version you are running and any tips for reproduction.


locose
Path Finder

Is it now possible to receive Splunk security notification via email?


shawngarrettsgp
Path Finder

Hello, any ways to receive email notifications yet?

0 Karma

stefanlasiewski
Contributor

Thanks for the answer. I look forward to the new solution. To confirm, I am using Splunk 5 not Splunk 6. I suppose things are better in Splunk 6 but I'm unable to find the time to upgrade. Hopefully soon.

0 Karma

piebob
Splunk Employee

sorry, that was me--i deleted Yann's answer because it wasn't really about your original question (email subscription). i'm getting someone from prodsec to answer that. my apologies! (ps i asked Yann first :))

0 Karma

stefanlasiewski
Contributor

@yannK your previous comment was deleted, FYI.

0 Karma

stefanlasiewski
Contributor

I use Splunk with Single Sign On. Therefore the update notice never appears on the Login screen. I tried the old Splunk login page and it doesn't mention anything about an update.

0 Karma

yannK
Splunk Employee

Correction: 6.0.3 was released to address the OpenSSL issue in 6., 5. was not impacted.

0 Karma

linu1988
Champion

Can we not use splunk for the same 😄

https://apps.splunk.com/app/278/

to monitor RSS and alert when there is any security announcement?

Just an idea

Thanks
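
An added example, not part of the original thread and not code from Splunk or the linked app, of the RSS-to-email idea suggested above: poll an announcements feed, keep only items not seen before, and build one email per new item. The feed content, addresses and function names are assumptions made for illustration; a real run would fetch the feed linked from the vendor's security portal and hand each message to `smtplib`.

```python
import xml.etree.ElementTree as ET
from email.message import EmailMessage

# Constructed sample feed (not real advisories); assumed RSS 2.0 layout.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example announcements</title>
<item><title>Advisory A (constructed)</title><guid>adv-a</guid>
<link>https://vendor.example/advisories/a</link></item>
<item><title>Advisory B (constructed)</title><guid>adv-b</guid>
<link>https://vendor.example/advisories/b</link></item>
</channel></rss>"""


def parse_items(feed_bytes):
    """Return [{guid, title, link}] for every <item> in an RSS 2.0 feed."""
    # The feed is remote input: refuse DTDs/entities instead of expanding them.
    if b"<!DOCTYPE" in feed_bytes or b"<!ENTITY" in feed_bytes:
        raise ValueError("feed contains a DTD or entity declaration")
    items = []
    for item in ET.fromstring(feed_bytes).iter("item"):
        link = (item.findtext("link") or "").strip()
        guid = (item.findtext("guid") or link).strip()
        title = (item.findtext("title") or "(untitled)").strip()
        if guid:  # without a stable id there is nothing to de-duplicate on
            items.append({"guid": guid, "title": title, "link": link})
    return items


def new_announcements(feed_bytes, seen):
    """Return items whose guid is not in `seen`, then record them as seen."""
    fresh = [i for i in parse_items(feed_bytes) if i["guid"] not in seen]
    seen.update(i["guid"] for i in fresh)
    return fresh


def build_email(item, sender, recipient):
    """Build a plain-text notification for one announcement."""
    msg = EmailMessage()
    # Collapse whitespace so a feed title cannot smuggle in extra header lines.
    msg["Subject"] = "[security] " + " ".join(item["title"].split())
    msg["From"], msg["To"] = sender, recipient
    msg.set_content(f"{item['title']}\n{item['link']}\n")
    return msg


if __name__ == "__main__":
    seen = set()  # in real use, persist this between runs (e.g. a JSON file)
    for it in new_announcements(SAMPLE_FEED, seen):
        print(build_email(it, "feedwatch@example.org", "secteam@example.org"))
```

Run from cron, replacing the `print` with `smtplib.SMTP(...).send_message(msg)` against your own mail relay.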
