Security

Security Question Related to Splunk enterprise

SakshamGuruji
Engager

Should a non authenticated user access this endpoint (POST request) https://localhost:8089/services/template/realize

and create templates , and if no what can the security impact of this

Labels (2)
0 Karma

PickleRick
Ultra Champion

https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTUM/RESTusing#Authentication_and_authorization

Splunk users must have role or capability-based authorization to use REST endpoints

So you can't call rest api without authenticating yourself (unless you're using splunk free which has no users, roles and authentication).

0 Karma

SakshamGuruji
Engager

So im testing this splunk instance for a client and every REST api endpoint requires auth except the one I mentioned , where I can create templates , now im not sure if I should report this behavior to the client , what are your views?

Thanks

0 Karma

PickleRick
Ultra Champion

This doesn't seem to be any of the standard splunk enterprise rest endpoints...

https://docs.splunk.com/Documentation/Splunk/8.2.4/RESTREF/RESTlist

If it's a custom endpoint, hard to say what it does and why it works without auth.