Hi there, Looking into /opt/splunk/etc/system/local/authorize.conf I saw alot of configurations as below. Would like to understand how this came about, and is it of any concern? t...
Has anyone developed guidelines for what should be (and should not be) logged inSplunkforPCICompliance audits? Referring specifically to the storage and data management requirements as d...
I'm trying to read in some logs on a Solaris system to check for users failing a login N times over Y seconds. Currently I'm just looking for the log entry that tells me an account was locked o...
Good Afternoon, We are attempting tomakeSplunk fit into our compliance needs. The auditors want us to check for certain things on the network (user locked out, user added to security group, etc) an...
Hi Everyone,
I am working in a distributed Splunk environment with 3 indexers, 1 search head, and 1 master node. I have more than 7 forwarders installed on different servers. I have 100 GB daily v...