Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Port Documentation

dcsteve24
Explorer
‎10-29-2021 02:25 PM

We have a standalone install which has to follow specific guidance and documentation. Without getting much into things,  I need to document each port open and if certain ones don't already have a vulnerability assessment on file I need to generate a local report on what the port is for and how its utilized in the system(s).

My clients have splunk installed but don't tap into a lot of its power currently. Therefore I expect a lot of the extra ports can be turned off (at least for now) and save me a lot of paperwork.

This brings me to port 8065 and 8191.

8065, a local listening port that is tied to the splunk appserver. Problem is I can't find what Splunk is using this for exactly outside "app server".

  • If we don't utilize Splunk apps is this required? If we did what does this port provide and why would it be required?
  • When are calls made to it?
  • How would I turn it off in version 8 if I don't need it?

8191 is used for app kv store.

  • If apps are not utilized, can this be turned off?
  • If so how?
  • If apps are not utilized this seems like it wouldn't be required. 

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

jmartin_pro
Explorer
‎04-05-2024 10:56 AM

Hi! I know I'm late but I've always wondered this as well... From the Components and their relationship with the network section of the Inherit a Splunk Enterprise Deployment documentation, this is loopback communication, meaning you won't need to open any ports. Splunk is talking to the local KV Store database (mongod).

20240405_123937.pngIf I run an lsof for open ports, I see the following all occurring over the loopback interface (8065 shows a similar result, only showing Python as the listening service):

20240405_125005.png

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-29-2021 03:30 PM

Hi

splunk has published this too in docs, but I cannot found it now 😞

https://www.aplura.com/splunk-best-practices/ This doc contains also picture and explanations of those. 

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...