Security

Port Documentation

dcsteve24
Explorer

We have a standalone install which has to follow specific guidance and documentation. Without getting much into things,  I need to document each port open and if certain ones don't already have a vulnerability assessment on file I need to generate a local report on what the port is for and how its utilized in the system(s).

My clients have splunk installed but don't tap into a lot of its power currently. Therefore I expect a lot of the extra ports can be turned off (at least for now) and save me a lot of paperwork.

This brings me to port 8065 and 8191.

8065, a local listening port that is tied to the splunk appserver. Problem is I can't find what Splunk is using this for exactly outside "app server".

  • If we don't utilize Splunk apps is this required? If we did what does this port provide and why would it be required?
  • When are calls made to it?
  • How would I turn it off in version 8 if I don't need it?

8191 is used for app kv store.

  • If apps are not utilized, can this be turned off?
  • If so how?
  • If apps are not utilized this seems like it wouldn't be required. 

 

Labels (1)
Tags (1)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

splunk has published this too in docs, but I cannot found it now 😞

https://www.aplura.com/splunk-best-practices/ This doc contains also picture and explanations of those. 

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...