Should a non authenticated user access this endpoint (POST request) https://localhost:8089/services/template/realize
and create templates , and if no what can the security impact of this
https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTUM/RESTusing#Authentication_and_authorization
Splunk users must have role or capability-based authorization to use REST endpoints
So you can't call rest api without authenticating yourself (unless you're using splunk free which has no users, roles and authentication).
So im testing this splunk instance for a client and every REST api endpoint requires auth except the one I mentioned , where I can create templates , now im not sure if I should report this behavior to the client , what are your views?
Thanks
This doesn't seem to be any of the standard splunk enterprise rest endpoints...
https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTREF/RESTlist
If it's a custom endpoint, hard to say what it does and why it works without auth.
