Security

Discussions

Thread Info

Permissions to change the role of admin users in Splunk Console

I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from adm...

by Engager in

Securing Splunk Cloud

I've found that for Splunk Enterprise, there is the Securing Splunk Enterprise document, outlining recommended securi...

by Engager in

Alert Triggers, can I have more than one of a certain trigger type?

Greetings, I'm setting up an alert and I noticed that for each alert trigger, only 1 of each trigger type is allowe...

by Path Finder in

ISP of blocked IP address

Splunk Query for adding a column for ISP of blocked IP address? Thank you,

by Explorer in

Set a proxy variable for Splunk to get out to the Internet

A site requires proxy-settings to be in place for every browser in order to go to the Internet. There doesn't appe...

by Contributor in

search head auth reload

We are running Splunk Version 6.3 and are using LDAP to manage authentication. We need to run "auth reload" after ...

by Explorer in

Which member to remove user folder from when removing a LDAP user from SH cluster

Following the best practices for removing an LDAP user I am at the stage where I want to remove the $HOME/splunk/etc...

by Explorer in

Some splunk users not found/searchable from Access Control

We see inconsistent response in the UI (settings --> Users and Authentication --> access control --> users). Some use...

by Splunk Employee in

Frequent Disk Space Issue - Service ECM Incidents

Hello All, We do have an centralized syslog receiver named "spl-fwdser" which receives the logs from various device...

by Explorer in

How to create an admin-read-only role?

I have an admin-in-training, that requires access to see everything but NO access to change anything. I am on versi...

by Builder in

Query for any suspicious IP address

I'm looking for a splunk query for any suspicious IP address associated with an IP range that was already blocked in ...

by Explorer in

Create a read only lookup table

I have a user which needs to be able to write one specific lookup table which has to be shared globally. I have to co...

by Path Finder in

How to configure Splunk Enterprise in front of AWS ELB instance

We have deployed Splunk Enterprise on an EC2 instance behind a classic ELB in AWS with HTTPS enabled (screenshots att...

by Explorer in

Splunk 7.3.0 : Possibility of SplunkSearchHead not cleaning the jobs in dispatch directory.

Observation: Suddenly the SplunkSearchHead stopped cleaning the jobs in dispatch directory (/opt/splunk/var/run/spl...

by Observer in

Splunk 7.3.0 : Nessus scan vulnerability reported on splunk ports

Observation The Nessus scan detected few certificate errors on the Splunk ports 8089 (management port), 8000(web-UI...

by Observer in

sso setup

When going through the SAML CONFIGURATION SETUP on splunk enterprise is the ENTITY ID a field that I can put anything...

by Path Finder in

Email for a list of security questions

Hello, My company is one of Splunk partners, and our security team has several simple questions regarding Splunk En...

by Explorer in

Shannon Entropy for DNS domains

Hi all, can you please help meI am calculating Shannon Entropy values for domains from single index and have two ques...

by Path Finder in

LDAP to Office365

For Splunk Cloud, I would like to enable user login to leverage LDAP to our Office365 but I am struggling to find the...

by Engager in

db_connect v3 cannot delete inputs when using SAML

WARN UserManagerPro - AQR not supported and user=username@domain.com information not found in cache or 404 User not f...

by Explorer in

Top Labels

access control 90
audit 43
authentication 110
encryption 40
LDAP 34
login 62
other 183
permissions 71
SAML 28
SSL 86
SSO 29

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Security

Discussions

Permissions to change the role of admin users in Splunk Console

Securing Splunk Cloud

Alert Triggers, can I have more than one of a certain trigger type?

ISP of blocked IP address

Set a proxy variable for Splunk to get out to the Internet

search head auth reload

Which member to remove user folder from when removing a LDAP user from SH cluster

Some splunk users not found/searchable from Access Control

Frequent Disk Space Issue - Service ECM Incidents

How to create an admin-read-only role?

Query for any suspicious IP address

Create a read only lookup table

How to configure Splunk Enterprise in front of AWS ELB instance

Splunk 7.3.0 : Possibility of SplunkSearchHead not cleaning the jobs in dispatch directory.

Splunk 7.3.0 : Nessus scan vulnerability reported on splunk ports

sso setup

Email for a list of security questions

Shannon Entropy for DNS domains

LDAP to Office365

db_connect v3 cannot delete inputs when using SAML

How to do email Domain Change?

Why is InfoSec App Not Displaying Correct Active D...

Security Essentials Accelerated DataModel- App tel...

Splunk on call slack permissions

How to whitelist the list of hosts from all the al...