Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Splunk Enterprise must enforce a 60-day maximum password lifetime restriction for the account of last resort.
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals. If the application does not limit the lifetime of passwords and force ...
Rule, Low Severity
Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. To protect the integrity of the authenticator and authentication mechanism used for...
Rule, High Severity
Splunk Enterprise must notify the system administrator (SA) and information system security officer (ISSO) when account events are received (creation, deletion, modification, disabling).
Once an attacker establishes access to an application, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create a...
Rule, Low Severity
The System Administrator (SA) and Information System Security Officer (ISSO) must configure the retention of the log records based on the defined security plan.
If authorized individuals do not have the ability to modify auditing parameters in response to a changing threat environment, the organization may not be able to respond effectively and important f...
Rule, Low Severity
SRG-APP-000125-AU-000300
Group