Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.
An XCCDF Rule
Description
<VulnDiscussion>Automatic session termination after a period of inactivity addresses the potential for a malicious actor to exploit the unattended session. Closing any unattended sessions reduces the attack surface to the application. Satisfies: SRG-APP-000295-AU-000190, SRG-APP-000389-AU-000180</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251657r879673_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment.
If the web.conf file does not exist, copy the file from $SPLUNK_HOME/etc/system/default to the $SPLUNK_HOME/etc/system/local directory.
Modify/Add the following lines in the web.conf file: