Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.

An XCCDF Rule

Description

<VulnDiscussion>Automatic session termination after a period of inactivity addresses the potential for a malicious actor to exploit the unattended session. Closing any unattended sessions reduces the attack surface to the application. Satisfies: SRG-APP-000295-AU-000190, SRG-APP-000389-AU-000180</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-251657r1015829_rule
Severity: Medium
References: CCI-002038 CCI-002361 CCI-004895
Updated: 17 days ago

This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

If the web.conf file does not exist, copy the file from $SPLUNK_HOME/etc/system/default to the $SPLUNK_HOME/etc/system/local directory.

Modify/Add the following lines in the web.conf file:
tools.session.timeout = 15

Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.

Description

Remediation - Manual Procedure