Security

Is Splunk or Ent. Security able to detect attacks by rogue systems or Artificially Intelligent enabled Server?

SamHTexas
Builder

Is Splunk Enterprise or Splunk Ent. Security (ES) able to detect attacks by rogue systems or Artificially Intelligent enabled Server? Are AI enabled servers able to create user accounts in my Splunk environment?

Labels (1)
0 Karma

venkatasri
SplunkTrust
SplunkTrust

Hi @SamHTexas 

Splunk Core/Ent* and ES are no exception for an attack. Having said that similar to any other systems Splunk stack shall be protected as well, if someone managed to create a user they would be having full access from outside, and as far as i know there are no prebuilt reports for user creations and malicious activities identification.

  • Splunk _audit logs are place to find in case of something unusual activity is happening. Create a schedule search/ on ES create notable search to SOC to analyze
  • If someone gain access to Splunk host they can create stuff from CLI and update .conf similar to any other host, they shall be monitored as well for file system changes and abrupt restarts.
  • Do not expose Rest API and web ports to public internet. 

these are some of the tips there could be many detections that needs to be enabled to monitor Splunk security posture it depends on how it has implemented and tools in place. Splunk ES can be used to monitor whole Splunk itself however custom notable searches shall be created.

 

----

An upvote would be appreciated and Accept solution if it helps!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...