Splunk Enterprise Security

Receiving vulnerabilities from our Splunk hosted web server/website

jmdelrosario26
Explorer

Hello,

So we have website hosted in Splunk. We are detecting these vulnerabilities Server header Detected, Incorrect X-Xss-Protection and Incorrect Set-Cookie which has issue category as Insecure HTTP Header. We would like to know on how to resolve this vulnerabilities? Thanks!

Regards,

Joshua

Labels (1)
0 Karma

nickhills
Ultra Champion

What version of Splunk?

Also - are you serving Splunk directly, or is there a load balancer doing SSL offload perhaps?

The cookies should be set to secure if Splunk is running with native SSL,  however you can control the response headers separately if you need to.

Take a look at https://docs.splunk.com/Documentation/Splunk/8.1.0/Admin/Webconf

in web.conf you should be able to set:

[httpServer]
replyHeader.X-XSS-Protection=1; mode=block

 

If my comment helps, please give it a thumbs up!
0 Karma

jmdelrosario26
Explorer

Hi,

We are hosting the website in Splunk directly. We are not using load balancer. The SSL certificate we use is signed by Digital 3rd Party Certificate Authority. Our Splunk version is Splunk 7.2.1. So we can just add this config in the web.conf file to resolve the issue? Will editing the web.conf file cause issue to our production instance? 

[httpServer]
replyHeader.X-XSS-Protection=1; mode=block

Regards,

Joshua

0 Karma

nickhills
Ultra Champion

 Are you running Splunk with SSL/HTTPS?

If my comment helps, please give it a thumbs up!
0 Karma

jmdelrosario26
Explorer

Hello,

Yes, we are already running Splunk with SSL/HTTPS. Do we need to perform further actions? We are still detecting vulnerabilities.

Regards,

Joshua

First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...