I recently removed the default "admin" account and am now finding that the Key Indicators no longer work. Are these related? Does ES require the admin user to exist?
In the last month, the Splunk Threat Research Team has had 2 releases of new security content via the Enterprise Security Content Update (ESCU) app (v4.17.0 and v4.18.0). With these releases, there a...
...nvestigate unusual activities that might be related to SVR cyber activity.
The new “Ivanti Connect Secure VPN Vulnerabilities” analytic story addresses critical vulnerabilities CVE-2023-46805 and CVE-2...
Assuming that I want to keep the Splunk admin account, using a very secure complex password, I believe that by design there is no way of locking out this account.
I am seeking confirmation that t...
...irectory accounts.
A critical security update, CVE-2023-4966, for the NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. This vulnerability, if exploited, can lead to u...
...orking correctly, however, no Security logs for any of the DCs are working. Splunk service is running with a service account that has proper admin permissions. I have edited the DC GPO to allow the s...
...isky Command Abuse Disclosed February 2023 Splunk Unnecessary File Extensions Allowed by Lookup Table Uploads Splunk XSS via View Splunk List All Nonstandard Admin Accounts For all our tools and secur...
...y account (new terms allows for only one account, so admin) broke it (stopped getting alerts). Since it's a home lab and not prod I didn't dig into it.
Now that I am digging into it, the g...