Solved: How to protect Splunk login page from Brute force ...

omoulene · ‎08-18-2015

I have to check if Splunk is compliant with the security rules at my company.
I tried to login 10 times into Splunk with an invalid password, and it didn’t lock me out.

Is there a way to limit the number of failed login attempts per user?

tskinnerivsec · ‎08-18-2015

The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)

View solution in original post

tskinnerivsec · ‎08-18-2015

The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)

How to protect Splunk login page from Brute force attacks? Is there a way to limit the number of failed login attempts per user?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation