Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Replacing Splunk admin account with a non standard admin account

dshakespeare_sp
Splunk Employee
Splunk Employee
‎11-09-2012 08:23 AM

A security conscious company has a policy of removing "default" admin accounts from its software products and replacing then with a non standard admin accounts. Is the possible in Splunk?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dshakespeare_sp
Splunk Employee
Splunk Employee
‎11-09-2012 08:33 AM

It is possible clone the admin user to a new "admin"account (eg splunkadm)with identical privileges. Once the new account is created you may delete the original admin account.

CAVEAT
If the "default" admin has created knowledge objects you will need to move these knowledge objects associated with the "default" admin to the "new" admin account.

It is advisable to test this in a Pre Production Test Enviroment to ensure that no fuctionality is lost

For futher suggestions on "hardening" the Splunk enviroment please see

http://docs.splunk.com/Documentation/Splunk/5.0/Security/Hardeningstandards

View solution in original post

Reply
Solved! Jump to solution
Solution

dshakespeare_sp
Splunk Employee
Splunk Employee
‎11-09-2012 08:33 AM

It is possible clone the admin user to a new "admin"account (eg splunkadm)with identical privileges. Once the new account is created you may delete the original admin account.

CAVEAT
If the "default" admin has created knowledge objects you will need to move these knowledge objects associated with the "default" admin to the "new" admin account.

It is advisable to test this in a Pre Production Test Enviroment to ensure that no fuctionality is lost

For futher suggestions on "hardening" the Splunk enviroment please see

http://docs.splunk.com/Documentation/Splunk/5.0/Security/Hardeningstandards

Reply
Get Updates on the Splunk Community!

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...