Security
Highlighted

How to protect Splunk login page from Brute force attacks? Is there a way to limit the number of failed login attempts per user?

New Member

I have to check if Splunk is compliant with the security rules at my company.
I tried to login 10 times into Splunk with an invalid password, and it didn’t lock me out.

Is there a way to limit the number of failed login attempts per user?

0 Karma
Highlighted

Re: How to protect Splunk login page from Brute force attacks? Is there a way to limit the number of failed login attempts per user?

Contributor

The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)

View solution in original post

0 Karma