Important information for customers using Splunk Enterprise 6.2 or earlier
Do you use SSL to secure Splunk Enterprise? Are you still using Splunk Enterprise version 6.2 or earlier? If you answered yes to both of these questions, please read on.
Securing communication with your Splunk instance can be essential in today’s digital environment, especially if it is collecting sensitive information. If communication to/from your Splunk instance can be easily intercepted (e.g. public access to SplunkWeb, Forwarders outside firewall) then this communication should be encrypted using SSL. Additionally, security functionality is constantly being enhanced to combat the evolving threat landscape so you should stay on as current a version of Splunk as possible.
You may have heard that the OpenSSL Software Foundation will cease support for OpenSSL version 1.0.1 as …
Best Practices in Protecting Splunk Enterprise
Splunk Enterprise helps companies collect, analyze, and act upon the data generated by their technology infrastructure, security systems and business applications. Customers use Splunk software to achieve operational visibility into critical information technology assets and drive operational performance and business results.
Splunk Apps enhance and extend the Splunk platform and deliver a user experience tailored to typical tasks and roles. Most customers make use of one or more of the 1000+ Apps available in Splunkbase.
While end-users are the main consumers of Apps, App installation requires full administrator access. We strongly discourage customers from granting this access to any user other than designated administrators.
Beyond restricting admin privileges, we recommend adopting the standard deployment and operation practices described briefly …