Analysis, viewing, and indexing functions, services, and applications used as part of Splunk Enterprise must be configured to comply with DoD-trusted path and access requirements.
An XCCDF Rule
Description
Access to Splunk Enterprise for analysis, viewing, indexing functions, services, and applications, such as analysis tools and other vendor-provided applications, must be secured. Software used to perform additional functions, which resides on the server, must also be secured or could provide a vector for unauthorized access to the events repository.
- ID
- SV-251677r961863_rule
- Version
- SPLK-CL-000290
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Edit the following files in the installation to configure Splunk to use SSL certificates:
This configuration is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.
$SPLUNK_HOME/etc/system/local/inputs.conf