Hello,
I have looked over blogs and topics being discussed about Splunk's Data Integrity Checks and Anti Tampering controls, yet most of the resources found were outdated and/or not found anymore.
Are there any new sources or apps that keep track of Splunk's own security from its Admins via the configuration tracker index or other means?
Thanks,
Best Regards,
@NightShark - Splunk has two things for it:
I hope this helps!!!
Hello @VatsalJagani,
Thank you for your response. What is that feature called about giving an alert when hashes do not match?
Second of all, is there a list of specific configuration changes that could allow us to tamper with the data before being sent to the indexers, like sed being added, for example, in the configuration files?
Thanks,
Regards,
@NightShark - For the 1st item, I know you (as an admin user) will see a message on the Splunk screen, as shown here in the screenshot; that's where you will see that message.