Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About tdeanesh
tdeanesh
Loves-to-Learn Lots
Member since:
07-06-2023
08-09-2023
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 07-06-2023 |
Activity Feed
- Posted Re: Splunk 9.0.5 - Workaround - disabling the ability to process ANSI escape codes on Deployment Architecture. 08-09-2023 10:27 AM
- Posted Re: Splunk 9.0.5 - Workaround - disabling the ability to process ANSI escape codes on Deployment Architecture. 08-08-2023 02:27 AM
- Posted Re: Splunk 9.0.5 - Workaround - disabling the ability to process ANSI escape codes on Deployment Architecture. 08-07-2023 06:39 AM
- Posted Re: Splunk 9.0.5 - Workaround - disabling the ability to process ANSI escape codes on Deployment Architecture. 08-07-2023 04:59 AM
- Posted Re: Splunk KVStore API Call : Field Value too Long on Other Usage. 08-03-2023 02:14 AM
- Posted Splunk 9.0.5 - Workaround - disabling the ability to process ANSI escape codes on Deployment Architecture. 08-03-2023 02:09 AM
- Posted Re: Splunk KVStore API Call : Field Value too Long on Other Usage. 07-07-2023 01:04 AM
- Posted Re: Splunk KVStore API Call : Field Value too Long on Other Usage. 07-06-2023 06:28 PM
- Posted Splunk KVStore API Call : Why is the field Value too Long? on Other Usage. 07-06-2023 02:43 AM
Topics I've Started
08-09-2023
10:27 AM
I have one more question after discussing internally Is there a way/mechanism available to identify if the splunk log files are effected and if possible isolate Please let me know if there is any tool/script which is already available ? Thanks in advance
... View more
08-08-2023
02:27 AM
Thanks for response. Based on articles/links and interactions with other members. Note: Below workaround solution varies based on deployment (attack surface) for other setups Simple/Minimal solution I see as of now: --------------------------------------------------------------------------------------- Summary: Issue: Unauthenticated Log Injection in Splunk Enterprise Attack Surface : Not straight forward (There is minimal scope of any injection from Splunk Enterprise setup as it has been configured for few restricted users) Link: https://community.splunk.com/t5/Deployment-Architecture/How-to-disable-the-ability-to-process-ANSI-escape-codes-in/m-p/652022 Workaround: Ask end user to use “less” command instead of “cat”/”tail” commands to access splunk logs ( To be on safer side) in terminal. ---------------------------------------------------------------------------------------- Please let me know anything else needs to be added for workaround. Please feel free to correct if I am missing anything during understanding
... View more
08-07-2023
06:39 AM
Here under Terminal emulation option also I dont see any specific option through which ANSI codes can be controlled Am I seeing the correct option? Option and approach needs to be documented from my side properly in a step by step manner Unless I am clear with the approach, I cannot come up with the steps for disabling the ability on Terminal Thanks for the prompt replies
... View more
08-07-2023
04:59 AM
I have question specific to Putty What all options need to disabled as part of this suggestion Sample screeshot of putty is attached below
... View more
08-03-2023
02:14 AM
Actually as per Splunk Team. This issue is fixed in Splunk 8.2.6 or higher versions. So we just need to upgrade to 8.2.6 atleast Column size is increased from 512 KB. Need to confirm the next max possible Size
... View more
08-03-2023
02:09 AM
As mentioned in https://advisory.splunk.com/advisories/SVD-2023-0606 under "Mitigations and Workarounds" users can protect themselves from log injections via ANSI escape characters in general, by disabling the ability to process ANSI escape codes Above statement is very generic statement and we cannot find any articles in internet about how to do the same. Take for e.g SSH putty is generally used by most users. Above statement says to disable process of ANSI escape codes from this terminal app ? If that is the case. Where can we find the disabling ANSI escape codes documentation This is just one generic example As this is mitigation and workaround we also need to be carefully weigh Pros/Cons of it Please correct me If my understanding is wrong ? Any help/pointers in making us understand the above point will be of great help
... View more
Labels
- Labels:
-
other
07-07-2023
01:04 AM
Thanks for the reply. Let me check if we can limit the value below max size allowed for the attribute before inserting into KVStore
... View more
07-06-2023
02:43 AM
While doing splunk API post call for KVStore one of the field [string] attribute size is large
so API call fails saying below statement
String value too long. valueSize=526402, maxValueSize=524288
Is there a way we can increase the field [string] length through configuration ?
Please let me know your suggestions
... View more
- Tags:
- kvstore
Labels
- Labels:
-
other
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-09-2023
12:31 PM
|
