Security

Community Activity

Events are showing in binary After onboarding done, The logs are reporting to splunk, But most of the events are showing like binary as below. The... by Umashankar New Member in Security 09-30-2021 0 2	0	2
Removing the 'schedule_rtsearch' capability from the default user role I have a custom authorize.conf that was intended to disable the schedule_rtsearch capability for all users: [defaul... by _smp_ Builder in Security 09-30-2021 0 3	0	3
Anyone can help me with this splunk cloud error? Attackers might be trying to steal your information from www. staging.splunk.com (for example, passwords, messages,... by Splunknewbi New Member in Security 09-29-2021 0 0	0	0
Consent banner for Splunk? At our organization we use Splunk with Apache to provide LDAP authentication using smart cards. We are required to pr... by Stefanie Builder in Security 09-28-2021 0 1	0	1
Can you change permissions on an executed savedsearch? I have a dashboard that loadjobs a scheduled savedsearch. I needed to grant dashboard access to a new role, so I adde... by nick405060 Motivator in Security 09-28-2021 0 5	0	5
Why am I unable to "browse more apps" or install an app on Splunk Web? I just installed Splunk Enterprise on my Mac. Started Splunk and got into Splunk Web UI. When I click the large Plus... by AllanMarcus Explorer in Security 09-27-2021 0 4	0	4
Configure Splunk forwarding on Windows hosts to use your own certificates We are running a Splunk cluster (version 8.1.2) and trying to secure the forwarding from the Universal Forwarders (al... by HumanPrinter Explorer in Security 09-27-2021 0 3	0	3
hidden user in users hi we had the user with name user1, after some days the user was hidden in settings>users, but still user can login t... by khanlarloo Explorer in Security 09-26-2021 0 1	0	1
Splunk Fundamentals Part 1: Login failure in Module 13 lab I'm taking the Splunk Fundamentals Part 1 the free training. On Module 13 Lab, I see a warning that says "This lab wi... by aiyda New Member in Security 09-24-2021 0 3	0	3
Can the SSL encryption between SHs, Indexers, DS , FWs be only checked via CLI? Any way through GUI? Thx a million I need to see if the default encryption between Splunk components be checked via GUI? Am talking about the SSL encryp... by SamHTexas Builder in Security 09-22-2021 0 0	0	0
Splunk needs a shell? All, Just noticed when Splunk UF installs it creates a user "splunk" with a login shell /bin/bash in /etc/passwd. e.g... by daniel333 Builder in Security 09-22-2021 0 4	0	4
SSL anonymous ciphers supported Hello,We are using the Tenable Infrastructure Vulnerability scanner to scan regularly our complete infrastructure. Te... by damucka Builder in Security 09-22-2021 1 1	1	1
Security Concern: Does Splunk Need A Shell I was wondering if it is really necessary for the Splunk account to have a shell (/bin/bash)? I have set up a couple... by imarks004 Path Finder in Security 09-22-2021 1 3	1	3
Enterprise Security Data Compartmentalization When I create a role and assign it to a user in Splunk Enterprise, I have successfully tested that the user can only ... by Paul Explorer in Security 09-17-2021 0 3	0	3
Is it possible to admin Splunk instance without logon to the OS splunk user? Hello,I have an issue with the security of the Splunk installation. Actually it is not about Splunk itself - after ea... by damucka Builder in Security 09-17-2021 0 3	0	3
List of universal Forwarder Hi,Is there any method to get the list of all the universal forwarder that is being forwarded to Indexer?Regards,Rahu... by rahul2gupta Path Finder in Security 09-17-2021 0 3	0	3
Send Notable events to stand alone indexer Hi,how can we send ES notable events from cluster setup to a stand alone indexer. by islam Explorer in Security 09-15-2021 0 3	0	3
AOC for Splunk Auditors are looking for updated AOC for Splunk. Where can we find this document from Splunk? by patelDip New Member in Security 09-14-2021 0 0	0	0
Restore a recently deleted user Hi!,I have recently deleted an user. I should not have done that....Can I restore it?If anyone has any ideas I'd appr... by repplikaFK Engager in Security 09-14-2021 0 2	0	2
Correlation rule Hey splunkers, How can I correlate rules in Splunk from 2 data sources? The events for example:OKTA - privilege grant... by or1515 Loves-to-Learn Everything in Security 09-11-2021 0 10	0	10
How do I create a new field? Hey splunkers,How do I create a new field in splunk? If I have a windows security log with "User" field and I want to... by or1515 Loves-to-Learn Everything in Security 09-09-2021 0 3	0	3
Detecting Login Attempts both Successful and Not, that come from Outside of the United States Hello Splunkers! I wanted to ask if anyone out there has some SPL that I can use as an alert to detect failed an... by itsmevic Communicator in Security 09-07-2021 0 1	0	1
Experiences with App Deployment on Splunk Cloud We currently operate on-prem and are considering moving to Splunk Cloud.A potential blocker is the manual process req... by jonaclough Path Finder in Security 09-06-2021 0 1	0	1
What are methods to encript password under deployments-apps Hi,I am configuring SSL encryption b/w agent and indexer/deployment server. But passwords placed under deployment-app... by Pradeep Observer in Security 09-03-2021 0 0	0	0
DBconnect accessing SQL Diagnostic Manager every 30mins We are using DBconnect with JTDS driver. When we enabling the connection in DBconnect we are seeing the below script ... by vin_ven27 Explorer in Security 09-02-2021 0 0	0	0