Security

Replacing Splunk admin account with a non standard admin account

dshakespeare_sp
Splunk Employee
Splunk Employee

A security conscious company has a policy of removing "default" admin accounts from its software products and replacing then with a non standard admin accounts. Is the possible in Splunk?

0 Karma
1 Solution

dshakespeare_sp
Splunk Employee
Splunk Employee

It is possible clone the admin user to a new "admin"account (eg splunkadm)with identical privileges. Once the new account is created you may delete the original admin account.

CAVEAT
If the "default" admin has created knowledge objects you will need to move these knowledge objects associated with the "default" admin to the "new" admin account.

It is advisable to test this in a Pre Production Test Enviroment to ensure that no fuctionality is lost

For futher suggestions on "hardening" the Splunk enviroment please see

http://docs.splunk.com/Documentation/Splunk/5.0/Security/Hardeningstandards

View solution in original post

dshakespeare_sp
Splunk Employee
Splunk Employee

It is possible clone the admin user to a new "admin"account (eg splunkadm)with identical privileges. Once the new account is created you may delete the original admin account.

CAVEAT
If the "default" admin has created knowledge objects you will need to move these knowledge objects associated with the "default" admin to the "new" admin account.

It is advisable to test this in a Pre Production Test Enviroment to ensure that no fuctionality is lost

For futher suggestions on "hardening" the Splunk enviroment please see

http://docs.splunk.com/Documentation/Splunk/5.0/Security/Hardeningstandards

Get Updates on the Splunk Community!

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...

Enterprise Security Content Update (ESCU) | New Releases

In March, the Splunk Threat Research Team had 2 releases of security content via the Enterprise Security ...