Security

Community Activity

Security Concern: Does Splunk Need A Shell I was wondering if it is really necessary for the Splunk account to have a shell (/bin/bash)? I have set up a couple... by imarks004 Path Finder in Security 09-22-2021 1 3	1	3
Enterprise Security Data Compartmentalization When I create a role and assign it to a user in Splunk Enterprise, I have successfully tested that the user can only ... by Paul Explorer in Security 09-17-2021 0 3	0	3
Is it possible to admin Splunk instance without logon to the OS splunk user? Hello,I have an issue with the security of the Splunk installation. Actually it is not about Splunk itself - after ea... by damucka Builder in Security 09-17-2021 0 3	0	3
List of universal Forwarder Hi,Is there any method to get the list of all the universal forwarder that is being forwarded to Indexer?Regards,Rahu... by rahul2gupta Path Finder in Security 09-17-2021 0 3	0	3
Send Notable events to stand alone indexer Hi,how can we send ES notable events from cluster setup to a stand alone indexer. by islam Explorer in Security 09-15-2021 0 3	0	3
AOC for Splunk Auditors are looking for updated AOC for Splunk. Where can we find this document from Splunk? by patelDip New Member in Security 09-14-2021 0 0	0	0
Restore a recently deleted user Hi!,I have recently deleted an user. I should not have done that....Can I restore it?If anyone has any ideas I'd appr... by repplikaFK Engager in Security 09-14-2021 0 2	0	2
Correlation rule Hey splunkers, How can I correlate rules in Splunk from 2 data sources? The events for example:OKTA - privilege grant... by or1515 Loves-to-Learn Everything in Security 09-11-2021 0 10	0	10
How do I create a new field? Hey splunkers,How do I create a new field in splunk? If I have a windows security log with "User" field and I want to... by or1515 Loves-to-Learn Everything in Security 09-09-2021 0 3	0	3
Detecting Login Attempts both Successful and Not, that come from Outside of the United States Hello Splunkers! I wanted to ask if anyone out there has some SPL that I can use as an alert to detect failed an... by itsmevic Communicator in Security 09-07-2021 0 1	0	1
Experiences with App Deployment on Splunk Cloud We currently operate on-prem and are considering moving to Splunk Cloud.A potential blocker is the manual process req... by jonaclough Path Finder in Security 09-06-2021 0 1	0	1
What are methods to encript password under deployments-apps Hi,I am configuring SSL encryption b/w agent and indexer/deployment server. But passwords placed under deployment-app... by Pradeep Observer in Security 09-03-2021 0 0	0	0
DBconnect accessing SQL Diagnostic Manager every 30mins We are using DBconnect with JTDS driver. When we enabling the connection in DBconnect we are seeing the below script ... by vin_ven27 Explorer in Security 09-02-2021 0 0	0	0
Status code=responder, SSO disabled Running Splunk Enterprise 8.0.0 on an internal network.I went away on vacation for a few weeks with Splunk working fi... by pl2345 Path Finder in Security 09-02-2021 1 4	1	4
Tuning ES to environment How are you tuning ES to your environment? Are you overwriting the correlation searches that ship with ES or are you ... by wgawhh5hbnht Communicator in Security 08-31-2021 0 1	0	1
Unable to connect to splunk enterprise AMI with default username and password Hi y’all. I recently installed splunk enterprise AMI instance in EC2. Unfortunately, I am unable to access with the d... by priyakvs New Member in Security 08-27-2021 0 0	0	0
How can I set up LDAP for all my Splunk servers at one time? How can I set up LDAP for all my Splunk servers at one time? Am I going to have to set this up individually on each ... by cajunitalian Engager in Security 08-27-2021 1 4	1	4
Is there any way to unhash a hashed BindDN password Let's say I needed to restore the password. How hard would it be to do that? by bfaber Communicator in Security 08-26-2021 0 8	0	8
SplunkWeb fails to start - timeout when binding to port The problem: When trying to start splunk, splunkweb errors out (supposedly on binding to the port, but I am skeptica... by crazygir Explorer in Security 08-23-2021 3 9	3	9
Can't connect to http://myserver:8000 on fresh install CentOS7 I've just installed latest splunk on a fresh minimal CentOS 7 installation. Installation process showed no warnings... by amanogue New Member in Security 08-23-2021 0 4	0	4
How do I safely store passwords in my splunk app? App Inspect returns a manual check that declares "Check that no plain text authorization credentials are stored in th... by dnguyen_splunk Splunk Employee in Security 08-23-2021 1 3	1	3
Basic security function of delete account missing Hi,The basic function of delete my account is missing.Which ultimately leads me to abundaunning of my account. by Splkmap New Member in Security 08-23-2021 0 3	0	3
How to update Email Address in Splunk profie HI Team,I need to add my company email address to my SplunK profile.I want to update it with my professional email ID... by VinKadam New Member in Security 08-23-2021 0 2	0	2
prompt for admin user name "Your session is invalid. Please login" How to avoid that? Hello, When certain splunk administration commands are executed (eg, offline) sometimes on some servers i get promt ... by sim_tcr Communicator in Security 08-19-2021 0 4	0	4
detect web application vulnerabilities hiI want to detect web vulnerabilities for example "XSS" or " SQLI" with splunk. for this target i collect apache log... by szone Engager in Security 08-17-2021 0 2	0	2