Security

Community Activity

How can I search for users that haven't logged into Splunk for 90+ days? Any query help Highly appreciated ? Thanks in advance ! lists accounts in Splunk that have not been used (logon) for... by splunker969 Communicator in Security 01-24-2022 0 11	0	11
Can a Power User Role get grant to access ACL Capability to Dashboard/Report/Alarm Hi.As in Subject, only Admin Role can edit an object "ACL",turning an object from Private to Public, with relative "A... by verbal_666 Builder in Security 01-20-2022 0 0	0	0
IP Watch List I am very new to Splunk and trying to gain as much knowledge as possible. I found there is an App called Splunk Globa... by juanv Engager in Security 01-19-2022 0 3	0	3
Splunk search query Supposed if i have huge data of users i need to check the last status of the each users Like login and logout. If use... by kajalchopade071 Path Finder in Security 01-19-2022 0 8	0	8
Detecting Beaconing Using Fourier Transform (FFT) Does anyone know of an add-on or other script that would allow one to analyze network traffic to detect beaconing usi... by dokaas_2 Communicator in Security 01-18-2022 0 6	0	6
Cant see Macro Sharing (permissions) on some app but i can in others ? Hi AllI am using an app called Murex, I am Admin on the environment but i cant see the Sharing (permissions) column o... by robertlynch2020 Influencer in Security 01-18-2022 0 1	0	1
Restricting index access with srchIndexesDisallowed overwrites other group permissions We have a setup where all users by default have access to all indexes. Now we have to restrict the access to a specif... by vasial Loves-to-Learn in Security 01-18-2022 0 8	0	8
Security Question Related to Splunk enterprise Should a non authenticated user access this endpoint (POST request) https://localhost:8089/services/template/realize ... by SakshamGuruji Engager in Security 01-15-2022 0 3	0	3
Splunk enterprise Logback 1.2.3 CVE-2021-42550 In Splunk enterprise when running the following log4j scanner it is picking up that the following filesas vulnerable.... by qessar Observer in Security 01-09-2022 0 2	0	2
Log source Report Hi All,I am completely newbie into this splunkI wanted to know how to create reports in splunk that will provide dail... by Sathish2323 New Member in Security 01-04-2022 0 1	0	1
Configuration Replication Port SSL to Indexer Cluster Hello everyone,I'm trying to config SSL to indexer cluster's replication port. I have followed this link to create my... by Daniel28 Explorer in Security 01-04-2022 0 0	0	0
Regarding Log4j Hello everyone, So according to the Splunk blog: Splunk Security Advisory for Apache Log4j (CVE-2021-44228 and CVE-20... by abhi04d Engager in Security 12-23-2021 0 1	0	1
Authenticated API call using webport redirects (303) to login session expired Our network uses a PKI (client and server certificate) authentication system. The Splunk administrators are not allo... by vckeofgjsolri Explorer in Security 12-16-2021 0 2	0	2
Credentials Encryption in bash script Hi All,I have this short bash script, and i want to encrypt the admin and changeme credentials, cause it is displayed... by jadengoho Builder in Security 12-16-2021 0 4	0	4
Splunk log4j We are using splunk version 6.2.4.Recently, I received a call saying that a vulnerability was also found in the 1.2.x... by KIMBYEONGGON New Member in Security 12-16-2021 0 1	0	1
Patch for CVE-2021-4428 Does splunk have a patch forCVE-2021-4428Qualys has identified Apache Log4j Remote Code Execution (RCE) Vulnerability... by dhotlosz Explorer in Security 12-15-2021 0 6	0	6
Encryption from Forwarder to Indexer We have two sites with two indexers per site. A total of four indexers.I have to set up certificate-based encryption ... by Stefanie Builder in Security 12-15-2021 0 4	0	4
Query information Hi,I have a UNIX server Solaris 8 that ac/behave like a Splunk Proxy server for 2 other UNIX servers Solaris 8.In oth... by rballan2 Loves-to-Learn Lots in Security 12-15-2021 0 4	0	4
Please help me to find the following Addon's and Apps are impacted with log4j or Not ? Hi Splunkers  , The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021. If exploi... by harishalipaka Motivator in Security 12-14-2021 0 1	0	1
CVE-2021-44228 Splunk Enterprise (on-prem) is reported as having a hotfix for this CVE 8.2.3.2, but I am unable to locate the hotfix... by dconverse New Member in Security 12-13-2021 0 1	0	1
Need help in extraction index=* host=* rule=corp_deny_all_to_untrust NOT dest_port=4242 \| table src_ip dest_ip transport dest_port applicatio... by neeltiwari Observer in Security 12-13-2021 0 3	0	3
Splunk for kafka connect I am using splunk connector for kafka. https://github.com/splunk/kafka-connect-splunk/releases https://splunkbase.sp... by dsindatry New Member in Security 12-13-2021 0 0	0	0
Splunk instances will not connect to HTTP port After installing SSL certificates and changing the default Splunk web port to 443, I receive the following error: Ch... by jonesnadiam Path Finder in Security 12-13-2021 2 17	2	17
Top 10 Failed Login Im new to splunk , I created 15 users and had failed login attempts on some of them.how can i find the first 10 faile... by sittingonion Observer in Security 12-09-2021 0 2	0	2
Why is the Netflow stream not listening on the defined port? I'm struggling to get the Splunk Stream Forwarder to listen on the port that I have configured to receive sFlow packe... by jamessinton New Member in Security 12-07-2021 0 3	0	3