Analysis, viewing, and indexing functions, services, and applications used as part of Splunk Enterprise must be configured to comply with DoD-trusted path and access requirements.
An XCCDF Rule
Description
<VulnDiscussion>Access to Splunk Enterprise for analysis, viewing, indexing functions, services, and applications, such as analysis tools and other vendor-provided applications, must be secured. Software used to perform additional functions, which resides on the server, must also be secured or could provide a vector for unauthorized access to the events repository.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251677r961863_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Edit the following files in the installation to configure Splunk to use SSL certificates:
This configuration is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.
$SPLUNK_HOME/etc/system/local/inputs.conf