Hello, I would like to know the aim of this default constraint : (`cim_Authentication_indexes`) tag=authentication NOT (action=success user=*$) action="success" Especially what d...
I am attempting to use an HEC with basic authentication via HTTPS, but receiving a response 403 "Forbidden" when using the authorization header as Base64 encoded username:password pair. The u...
Regarding Federated search:
Is the only authentication option username and password? We use SSO on the remote search head (LDAP/Reverse Proxy) which would be preferable.
Why do you need to e...
I would like to detect successful authentication after a brute force attempt. It would be nice to see multiple status code 400s and the 200s all from the same IP. That way, I do not have to do m...
I have seen that there is a way to authenticate using the second factor of authentication through RSA and DUO. But I would like to know if there is another way and even better if it has no cost. I...
How is LDAP authentication supposed to work? When the user logs in, what LDAP query does the Splunk server use to retrieve the user information and validate the user and password? As near as I can t...
Hello,
We are using Splunk with CAC / Smart Card authentication and want to add to our configuration the ability to map LDAP groups to roles within Splunk.
What we'd like to have happen: * U...
How will I set up a data model that has Authentication and sub-sessions Default, insecure and Privileged Authentication data model. It uses action of a sucess and failure. I am using the f...
Hello, does anyone here have an idea why cisco cloud security umbrella addon is interfering the authentication within Splunk TA Cloud Services? I try to ingest nsg flow data via a storage blob....
After our SSO migration, users have reported instances where a single tab will re-authenticate which causes a cascading re-authentication across all tabs.
This wouldn't be so bad if it happened o...