Security

Outbound connections required by splunk

Harold
Observer

I am doing some hardening on my Splunk and would like to block any outgoing connections that are not required.

Besides DNS, as far as I have logged over the last couple of days, Splunk only requires outgoing connections on port 443 over TCP/SSL to servers using certificates with names that fit "*splunk.com"?

I am talking about license and similar connections required by Splunk; for this question, assume a standalone enterprise Splunk server with no integration with other servers or forwarders.

0 Karma

gcusello
SplunkTrust

Hi @Harold,

As @scelikok said, if you're speaking about hardening, you should look at https://docs.splunk.com/Documentation/Splunk/8.1.3/Security/WhatyoucansecurewithSplunk; in addition, at the last .conf there was an interesting webinar about Splunk hardening: https://conf.splunk.com/files/2020/slides/TRU1537C.pdf

Anyway, if you want the connections used by Splunk, you should look at https://docs.splunk.com/Documentation/Splunk/8.1.3/InheritedDeployment/Ports

Ciao.

Giuseppe

0 Karma

scelikok
SplunkTrust

Hi @Harold,

Assuming there is no integration, standalone Splunk does not need any outgoing connections. Since we are talking about hardening, *splunk.com connections are also not necessary. They are for Splunk/apps version checking and for sending some telemetry data to Splunk about your usage. It is safe to block all outgoing connections.

If this reply helps you, an upvote and "Accept as Solution" are appreciated.
0 Karma
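
One way to do the logging step described in the question before (and after) blocking egress, as an added example that is not part of the original thread: a shell function that reads `ss -Htanp` output and lists each remote address and port that splunkd itself connected out to, skipping inbound and loopback sockets. It assumes a Linux host with iproute2 and awk; the function names and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list remote endpoints that splunkd itself connects out to.
# Input: `ss -Htanp` output on stdin (-a is needed so LISTEN rows are present;
# root is needed so the process column is filled in).
splunk_egress() {
  awk '
    function port(ep,   n, a) { n = split(ep, a, ":"); return a[n] }
    function host(ep)         { sub(/:[^:]*$/, "", ep); return ep }
    $6 !~ /"splunkd"/ { next }                       # sockets owned by splunkd only
    $1 == "LISTEN"    { listen[port($4)] = 1; next } # remember its listening ports
    $1 == "ESTAB" || $1 == "SYN-SENT" { c++; loc[c] = $4; peer[c] = $5 }
    END {
      for (i = 1; i <= c; i++) {
        lp = port(loc[i])
        if (lp in listen) continue                   # local end is a listener: inbound
        h = host(peer[i])
        if (h ~ /^127\./ || h == "[::1]") continue   # loopback never leaves the host
        seen[h " " port(peer[i])]++
      }
      for (k in seen) print seen[k], k               # count, remote address, remote port
    }' | sort -k3,3n -k2,2
}

# Constructed sample rows (documentation address ranges), not taken from a real server.
sample_ss() {
  cat <<'EOF'
LISTEN   0 128 0.0.0.0:8000    0.0.0.0:*         users:(("splunkd",pid=1410,fd=112))
LISTEN   0 128 0.0.0.0:8089    0.0.0.0:*         users:(("splunkd",pid=1410,fd=4))
ESTAB    0 0   10.0.0.5:8000   10.0.0.77:51544   users:(("splunkd",pid=1410,fd=130))
ESTAB    0 0   10.0.0.5:41822  203.0.113.10:443  users:(("splunkd",pid=1410,fd=131))
ESTAB    0 0   10.0.0.5:41830  203.0.113.10:443  users:(("splunkd",pid=1410,fd=132))
ESTAB    0 0   127.0.0.1:52110 127.0.0.1:8191    users:(("splunkd",pid=1410,fd=90))
SYN-SENT 0 1   10.0.0.5:41900  198.51.100.7:443  users:(("splunkd",pid=1410,fd=133))
ESTAB    0 0   10.0.0.5:22     10.0.0.77:50022   users:(("sshd",pid=900,fd=4))
EOF
}

sample_ss | splunk_egress
# On a live host: ss -Htanp | splunk_egress
```

Once the egress block is in place, rows that remain in `SYN-SENT` are attempts the firewall is dropping, which confirms the rule is taking effect.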