Hi there, hope you are doing well, thanks for reading.

1) A fresh install of Splunk Enterprise 9.3.2 is showing this security warning:

Security risk warning: Found an empty value for 'allowedDomainList' in the alert_actions.conf configuration file. If you do not configure this setting, then users can send email alerts with search results to any domain. You can add values for 'allowedDomainList' either in the alert_actions.conf file or in Server Settings > Email Settings > Email Domains in Splunk Web.
12/2/2024, 5:40:52 AM

2) I noticed this error around 2 or 3 months ago, but as it's a simple and low priority / functionality related one, I ignored it.

3) Last week, as we Splunkers were discussing this in our user group meeting, one of my friends asked: OK, this is a low priority issue for you, but from an organization's infosec perspective this could be a medium/big issue.

4) He suggested to me that the default config files should be configured to keep things in a secured fashion (similar to that "zero-trust" security policy); giving a warning message isn't enough, right? I had to agree with him.

5) Screenshot attached for your note:
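The check behind the warning quoted in the post, as an added example that is not part of the original post and is not Splunk's own code: it reads the `[email]` stanza of alert_actions.conf text, reports the effective 'allowedDomainList', and lists alert recipients that fall outside it. The sample file contents, recipient addresses and function names are constructed for illustration, and the exact-match domain comparison is an assumption of this example.

```python
# Added example: audit alert_actions.conf text for the setting named in the warning.
# The sample contents below are constructed, not from a real deployment.
DEFAULT_CONF = """\
# global settings can appear before any stanza
maxresults = 10000

[email]
mailserver = localhost
allowedDomainList =
"""
LOCAL_CONF = """\
[email]
allowedDomainList = example.com, Corp.Example.com
"""

def read_setting(text, stanza, key):
    """Return the last value of key in [stanza], or None if it is absent."""
    current, found = "default", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif "=" in line and current == stanza:
            name, value = line.split("=", 1)
            if name.strip() == key:
                found = value.strip()
    return found

def allowed_domains(*conf_texts):
    """Effective list; pass conf texts lowest precedence first (default, then local)."""
    value = None
    for text in conf_texts:
        layer = read_setting(text, "email", "allowedDomainList")
        if layer is not None:
            value = layer
    return [d.strip().lower() for d in (value or "").split(",") if d.strip()]

def outside_allowed(recipients, domains):
    """Recipients whose domain is not listed (exact, case-insensitive match: an assumption)."""
    return [r for r in recipients if r.rsplit("@", 1)[-1].lower() not in domains]

if __name__ == "__main__":
    print(allowed_domains(DEFAULT_CONF) or "EMPTY: alerts can go to any domain")
    doms = allowed_domains(DEFAULT_CONF, LOCAL_CONF)
    print(doms, outside_allowed(["soc@example.com", "me@mail.test"], doms))
```

Running it over the recipients of existing alerts before populating the list shows which alerts would be affected by the chosen domains.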