Security

Community Activity

How to probably configure Splunk to set authnrequests to be signed by SHA-256 signature algorithm? Hello, I'm trying to set the authnrequests to be signed by a sha256 cert, as that's a requirement of my ldp for SAML.... by slee75 New Member in Security 02-09-2017 0 1	0	1
nestedGroups is not working as expected for Active Directory LDAP I have a security group called Splunk Users that is mapped to the user role in Splunk. When I add a user directly to... by neiljpeterson Communicator in Security 02-09-2017 1 4	1	4
How to blacklist events from monitored logs I have 3 different event types : 2017-02-08T08:55:32,704 [host;app1;http-bio-8115-exec-5;[[xxxxxxxx-xxxx-xxxx-xxxx-x... by andrei1bc Communicator in Security 02-08-2017 0 1	0	1
current user in search? Is is possible to pull the current user name for use in a search? For instance, a search that would do something like... by jgauthier Contributor in Security 02-06-2017 3 12	3	12
No valid splunk role found in local mapping? (AD FS, SAML, SSO) Splunk, After completing Active Directory Federation Services (ADFS), our role mappings are not recognized. What are... by michaelba Explorer in Security 02-05-2017 0 2	0	2
Splunk Dashboard Causing Browsers to crash? Hello, We have Splunk 6.2, and we have a dashboard that utilizes 9 real-time searches and 4 historical searches. On... by butzowj Path Finder in Security 02-02-2017 1 13	1	13
When trying to upgrade to 6.5.2, why am I unable to establish SSL connection via wget? I am trying to upgrade one of our Splunk servers from 6.5.1 to 6.5.2. The way we usually do this is wget to get the r... by chrishartsock Path Finder in Security 02-02-2017 0 2	0	2
After enabling HTTPS on Splunk Web, why am I getting this error "Socket error...error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request" every 5 seconds? I'm trying to enable https to Splunk Web. It appears easy and OK to have it enabled but once it is done, splunkd.log ... by sylim_splunk Splunk Employee in Security 02-01-2017 0 1	0	1
account locked out by user Sorry for the easy question, but totally new to splunk. what would be the query to use in search to look up a user ... by lexphumirat New Member in Security 02-01-2017 0 1	0	1
Access Control: What is the best approach to limiting users to specific Apps or Views? We have a fairly large deployment with 60 plus individual apps. These are used almost exclusively by DEVOPS and we ha... by snoobzilla Builder in Security 01-31-2017 0 8	0	8
Need to regenerate SSL Cert for SplunkWeb Hi guys, My SplunkWeb SSL Certificate is set to expire tomorrow. I'd like to renew it or regenerate a new one. ... by balbano Contributor in Security 01-31-2017 1 3	1	3
Receiving SSL data into a forwarder - ISAM9 request_syslogs to Splunk forwarder IBM Security Access Manager v9 build 9.0.1.0 * There is a bug which doesn't allow syslog to be sent of UDP, but TLS-T... by rewritex Contributor in Security 01-31-2017 0 4	0	4
How to find the Splunk application type in the navigation menu? How can I find out, if I am using Splunk Entrprise, Cloud etc without asking the Splunk admin ? I use the weburl on p... by pradjswl Explorer in Security 01-26-2017 0 3	0	3
How do I disable the display of release messages on login page? Having the release update notes on the log in page of splunk is nice however it is a security risk as well. An attack... by mctester Communicator in Security 01-26-2017 0 2	0	2
Specifying multiple LDAP static group filters Is there a way to specify multiple group search filters for multiple groups? Currently we have this (sAMAccountName =... by aaronkorn Splunk Employee in Security 01-25-2017 1 3	1	3
Force Splunk to use TLS 1.2 Hello, All of our Splunk infrastructure utilises our in house PKI for Splunk to Splunk communication. Moving forward... by cam343 Path Finder in Security 01-24-2017 0 3	0	3
Is Mongodb vulnerable to outside manipulation? I came across several reports where MongoDB installations are being targeted in malware attacks. How can verify tha... by scottrunyon Contributor in Security 01-21-2017 0 5	0	5
SAML and SSO Has anyone implemented SSO using SAML v2 like how it's outlined in the following blog? http://blogs.splunk.com/2013/0... by bsub Engager in Security 01-20-2017 2 1	2	1
How to bypass SSO when a user as never logged in Splunk? Hi, I enabled SSO for Splunk which works almost fine. I found a very annoying behavior with SSO. If a new user has ... by madsurfer Explorer in Security 01-20-2017 0 3	0	3
Splunk SSO change - no longer works. Hey Everyone. Been running splunk behind an apache proxy with NTLM for awhile. (Same host). Today, I decided to mov... by jgauthier Contributor in Security 01-20-2017 0 6	0	6
Why am I unable to log in to Splunk Enterprise? Hi, I've just installed Splunk Enterprise and when I try to log in for the first time by clicking on 'Launch browser... by Dolley87 New Member in Security 01-20-2017 0 4	0	4
How to change the default role when creating a new user? By default when a new user is created, the role of "user" is auto assigned to them. I would like to add another defau... by ejharts2015 Communicator in Security 01-17-2017 0 8	0	8
How can I make sure a role setting takes precedence over other role settings? I have a user that belongs to a few roles that use LDAP for auth. These roles have srchMaxTime set to 600. I need to ... by twinspop Influencer in Security 01-14-2017 0 2	0	2
I am trying to get URLs out of logs in Splunk. I am getting an error. my regex query is : xxx.xx.xxx.xxx\|regex = (http(s)?:(\/\/)?(w{3}.)?[-a-zA-Z0-9@:%.+~#=]{2,256}(.[a-z]{2,256})?\b([-a... by infosecowl New Member in Security 01-13-2017 0 2	0	2
How to view oldest and last login of Splunk users? For auditing and administration purposes I was trying to get a fast listing of first/last login times of all Splunk u... by tweaktubbie Communicator in Security 01-13-2017 0 3	0	3