Security
Highlighted

How can I receive Splunk security announcements via email?

Contributor

I see that Splunk 5.0.3 was released a few days ago to resolve some security issues. I was unaware of this security update until my security team informed me of a security notice passed on via CERT.

http://www.splunk.com/page/securityportal tells me that I can receive security alerts via RSS:

Stay up to date on security announcements. Subscribe to our RSS feed to be alerted of new announcements.

In addition, my Splunk installation is not informing me of a new release. There is no mention of any update within the application, anywhere. Splunk does not use yum/RPM repositories for Red Hat Enterprise Linux-derived OSes and does not provide an apt-repository for Debian & Ubuntu OSes, which are other tools that helps system administrators with our busy busy work.

I don't use RSS feeds, nor do most people. I manage a hundred different applications, and Splunk is just one of them. I really don't have time to constantly check the website for each and every application to see if an update is available. Normally I have tools such as Yum, apt and email-lists that automate most of this work for me. Email is the standard mechanism that most vendors use for Security Notifications. How can I receive Splunk security alerts via email?

Tags (2)
Highlighted

Re: How can I receive Splunk security announcements via email?

Champion

Can we not use splunk for the same 😄

https://apps.splunk.com/app/278/

to monitor RSS and alert when there is any security announcement?

Just an idea

Thanks

Highlighted

Re: How can I receive Splunk security announcements via email?

Splunk Employee
Splunk Employee

correction : 6.0.3 was released to address openSSL issue in 6., 5. was not impacted.

0 Karma
Highlighted

Re: How can I receive Splunk security announcements via email?

Contributor

I use Splunk with Single Sign On. Therefore the update notice never appears on the Login screen. I tried the old Splunk login page and it doesn't mention anything about an update.

0 Karma
Highlighted

Re: How can I receive Splunk security announcements via email?

Contributor

@yannK your previous comment was deleted, FYI.

0 Karma
Highlighted

Re: How can I receive Splunk security announcements via email?

Splunk Employee
Splunk Employee

sorry, that was me--i deleted Yann's answer because it wasn't really about your original question (email subscription). i'm getting someone from prodsec to answer that. my apologies! (ps i asked Yann first :))

0 Karma
Highlighted

Re: How can I receive Splunk security announcements via email?

Splunk Employee
Splunk Employee

Great questions Stefan! Thank you for your ideas and input. Splunk tremendously values and encourages this medium for sharing and realizing the future of the big data scientific community.

First, we agree - stay tuned for the email solution you've requested. We're also exploring other communication mechanisms to unify such messaging across digital channels; We're explicitly discussing each of the tools you've proposed. Your Yum question is in immediate focus, and if there's anywhere else you're listening that Splunk ought to be, please do let us know.

Second, 5.0.x versions of Splunk were not affected, and this may be why you didn't receive an alert within Splunk itself. As an example of in-Splunk notification, a 6.0.2 English-language Splunk should show an alert placard with the message "A new maintenance release of Splunk is here" on the login page. If you're on 6.0.x and not receiving this alert, please confirm the Splunk version you are running and any tips for reproduction.

View solution in original post

Highlighted

Re: How can I receive Splunk security announcements via email?

Contributor

Thanks for the answer. I look forward to the new solution. To confirm, I am using Splunk 5 not Splunk 6. I suppose things are better in Splunk 6 but I'm unable to find the time to upgrade. Hopefully soon.

0 Karma
Highlighted

Re: How can I receive Splunk security announcements via email?

Path Finder

Hello, any ways to receive email notifications yet?

0 Karma
Highlighted

Re: How can I receive Splunk security announcements via email?

Path Finder

Is it now possible to receive splunk security notification via email?