Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.

An XCCDF Rule

Details
Profiles

Description

Automatic session termination after a period of inactivity addresses the potential for a malicious actor to exploit the unattended session. Closing any unattended sessions reduces the attack surface to the application. Satisfies: SRG-APP-000295-AU-000190, SRG-APP-000389-AU-000180

ID: SV-251657r1015829_rule
Version: SPLK-CL-000010
Severity: Medium
References: CCI-002038 CCI-002361 CCI-004895
Updated: 16 days ago

Remediation Templates

This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

If the web.conf file does not exist, copy the file from $SPLUNK_HOME/etc/system/default to the $SPLUNK_HOME/etc/system/local directory.

Modify/Add the following lines in the web.conf file:

tools.session.timeout = 15

Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.

Description

Remediation Templates

A Manual Procedure