I have to check if Splunk is compliant with the security rules at my company.
I tried to login 10 times into Splunk with an invalid password, and it didn’t lock me out.
Is there a way to limit the number of failed login attempts per user?
The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)
The best approach would be to front-end the Splunk web interface with a reverse proxy that you can apply your desired policies to. A squid reverse proxy with mod_security used would be a good way to start. I've also had good success with Juniper MAG devices (or the older Juniper SA devices)