Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Security Question Related to Splunk enterprise

SakshamGuruji
Engager
‎01-15-2022 01:09 AM

Should a non authenticated user access this endpoint (POST request) https://localhost:8089/services/template/realize

and create templates , and if no what can the security impact of this

Labels (2)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-15-2022 02:05 AM

https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTUM/RESTusing#Authentication_and_authorization

Splunk users must have role or capability-based authorization to use REST endpoints

So you can't call rest api without authenticating yourself (unless you're using splunk free which has no users, roles and authentication).

0 Karma
Reply

SakshamGuruji
Engager
‎01-15-2022 02:21 AM

So im testing this splunk instance for a client and every REST api endpoint requires auth except the one I mentioned , where I can create templates , now im not sure if I should report this behavior to the client , what are your views?

Thanks

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-15-2022 02:51 AM

This doesn't seem to be any of the standard splunk enterprise rest endpoints...

https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTREF/RESTlist

If it's a custom endpoint, hard to say what it does and why it works without auth.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...