Port Documentation

dcsteve24 · ‎10-29-2021

We have a standalone install which has to follow specific guidance and documentation. Without getting much into things, I need to document each port open and if certain ones don't already have a vulnerability assessment on file I need to generate a local report on what the port is for and how its utilized in the system(s).

My clients have splunk installed but don't tap into a lot of its power currently. Therefore I expect a lot of the extra ports can be turned off (at least for now) and save me a lot of paperwork.

This brings me to port 8065 and 8191.

8065, a local listening port that is tied to the splunk appserver. Problem is I can't find what Splunk is using this for exactly outside "app server".

If we don't utilize Splunk apps is this required? If we did what does this port provide and why would it be required?
When are calls made to it?
How would I turn it off in version 8 if I don't need it?

8191 is used for app kv store.

If apps are not utilized, can this be turned off?
If so how?
If apps are not utilized this seems like it wouldn't be required.

isoutamo · ‎10-29-2021

Hi

splunk has published this too in docs, but I cannot found it now 😞

https://www.aplura.com/splunk-best-practices/ This doc contains also picture and explanations of those.

r. Ismo

Port Documentation

other

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann