Security

Community Activity
dtrelford
I want to stop all remote logins to a Splunk server. To do this, I added the following to /etc/system/local/server.co...
by dtrelford Path Finder in Security 08-07-2020
0 6
brdr
We are using v8.0.4 of Splunk Enterprise. In our authorize.conf I see roles are disabled. Examples: [role_sec_power_use...
by brdr Contributor in Security 08-06-2020
0 2
seva98
Hi, there is an issue in version 8.0.4.1 with user cookie/session being broken. Whenever I load Splunk, I do receive 404 ...
by seva98 Path Finder in Security 08-06-2020
0 0
ntripp_element
How can I use Splunk to alert / run reports on group member changes? Currently I have something I wrote that reads gro...
by ntripp_element Explorer in Security 08-05-2020
0 4
mpmalasd
I installed Splunk on a CentOS 8 machine, firewall-cmd allowed port 8000, 8089, 80, 443, 9997 etc. I can log in to splun...
by mpmalasd Engager in Security 08-03-2020
0 2
Thundercat
Hi, I am attempting to update a notable. The notable allows us to identify if an AWS new user has been created via a AP...
by Thundercat Engager in Security 07-30-2020
0 0
mysicksi
Hi everyone, I'm a total Splunk noob. The title basically says it all. I recently changed the group from enterprise ...
by mysicksi Path Finder in Security 07-30-2020
0 2
Jbmwk75
How many CPEs and what type are required to maintain Splunk certifications? I have a Splunk User cert and need to kno...
by Jbmwk75 New Member in Security 07-26-2020
0 1
Anand_Annamalai
Hi guys, I am getting the below error for an 8002 input streaming for checkpoint logging. Can you suggest how I can resolve ...
by Anand_Annamalai Explorer in Security 07-24-2020
0 7
ltcsecurity
Hi all I’m new to Splunk so forgive my ignorance.  We’re currently using Splunk as a SIEM and I’m having trouble gett...
by ltcsecurity Observer in Security 07-24-2020
0 1
thormanrd
I have my Search Head Cluster authentication working with SAML integration with our IdP. But currently our IdP send...
by thormanrd Path Finder in Security 07-23-2020
1 2
dschneider
Does Splunk Cloud support DUO two factor authentication? I am a cloud customer who is also a duo customer. I do not...
by dschneider Engager in Security 07-21-2020
1 9
twinspop
We are planning to move to SAML SSO soon. One of the drawbacks of SAML is that you cannot authenticate on the API any...
by twinspop Influencer in Security 07-20-2020
0 3
nikhils5501
I am trying to setup Gsuite SAML for Splunk. I followed the steps mentioned in this link:  https://clevertap.com/blog...
by nikhils5501 Loves-to-Learn Lots in Security 07-20-2020
0 2
Thundercat
Hi All, Thanks for taking the time to review this message. I am attempting to create a Splunk notable that will allow me t...
by Thundercat Engager in Security 07-16-2020
0 2
muebel
When I look in the deploymentserver web interface, I see some Deployment Clients listed that I want to remove. Is it ...
by SplunkTrust SplunkTrust in Security 07-14-2020
0 2
sajbutler
Hi All, I've started ingesting OpenVPN server logs. I've done a preliminary search on apps, answers and the Net at large...
by sajbutler Path Finder in Security 07-11-2020
1 5
sa20089562
Hi All, How would I capture the netflows from different switches in different network zones? I have deployed Independen...
by sa20089562 New Member in Security 07-11-2020
0 1
splunkceh
I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from adm...
by splunkceh Engager in Security 07-10-2020
0 2
TechSec
I've found that for Splunk Enterprise, there is the Securing Splunk Enterprise document, outlining recommended securi...
by TechSec Engager in Security 07-10-2020
0 2
chris94089
Greetings, I'm setting up an alert and I noticed that for each alert trigger, only 1 of each trigger type is allowed. ...
by chris94089 Path Finder in Security 07-09-2020
0 1
ephrem3232
Splunk Query for adding a column for ISP of blocked IP address?  Thank you,
by ephrem3232 Explorer in Security 07-06-2020
0 5
judyhuang
We are running Splunk Version 6.3 and are using LDAP to manage authentication. We need to run "auth reload" after ne...
by judyhuang Explorer in Security 07-03-2020
0 7
a_kearney
Following the best practices for removing an LDAP user I am at the stage where I want to remove  the $HOME/splunk/etc...
by a_kearney Path Finder in Security 06-30-2020
0 0
sylim_splunk
We see inconsistent response in the UI (settings --> Users and Authentication --> access control --> users). Some use...
by sylim_splunk Splunk Employee in Security 06-29-2020
0 1