Skip to content

Splunk Enterprise must use TCP for data transmission.

An XCCDF Rule

Description

<VulnDiscussion>If the UDP protocol is used for communication, then data packets that do not reach the server are not detected as a data loss. The use of TCP to transport data improves delivery reliability, adds data integrity, and gives the option to encrypt the traffic.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251675r879887_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

This configuration is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.

Navigate to $SPLUNK_HOME/etc/system/local/

Modify the inputs.conf file to replace any input that is using a UDP port with a TCP port.