When Splunk Enterprise is distributed over multiple servers, each server must be configured to disable non-essential capabilities.
An XCCDF Rule
Description
<VulnDiscussion>Applications are capable of providing a wide variety of functions and services. Some of the functions and services may not be necessary to support the configuration. This becomes more of an issue in distributed environments, where the application functions are spread out over multiple servers. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-221934r879587_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
If the Splunk Installation is not distributed among multiple servers, this fix is N/A.
Select Settings >> Monitoring Console.
In the Monitoring Console, select Settings >> General Setup.