
Are there any new resources on Splunk On Prem Data Integrity and Anti Tamper Controls?

NightShark
Path Finder

Hello,

I have looked over blogs and topics being discussed about Splunk's Data Integrity Checks and Anti Tampering controls, yet most of the resources found were outdated and/or not found anymore.

Are there any new sources or apps that keep track of Splunk's own security from its Admins via the configuration tracker index or other means?

Thanks,
Best Regards,


VatsalJagani
SplunkTrust

@NightShark - Splunk has two things for it:

  1. Splunk gives an error for file hashes not matching if it finds files being updated/deleted which are not supposed to change.
  2. It has a configuration changes tracker. Search for index=_configtracker

I hope this helps!!!


NightShark
Path Finder

Hello @VatsalJagani,

Thank you for your response. What is the feature called that gives an alert when hashes do not match?

Second, is there a list of specific configuration changes that could allow us to tamper with the data before it is sent to the indexers, like sed being added to the configuration files, for example?

Thanks,

Regards,


VatsalJagani
SplunkTrust

@NightShark - For the 1st item, I know you (as an admin user) will see a message on the Splunk screen, as shown in the screenshot here; that's where you will see that message.

[screenshot: VatsalJagani_0-1692619827732.png]

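The index=_configtracker search from the first reply and the follow-up question about sed being added to configuration files, as an added example that is not part of this thread and not Splunk's own tooling: a Python script that reads _configtracker-style JSON events and flags changes to props.conf keys that rewrite events before indexing (SEDCMD-* and TRANSFORMS-*) plus any change inside transforms.conf, while ignoring unrelated edits. The sample events and the assumed field layout (data.path, data.action, data.changes{}.stanza, data.changes{}.properties{}.name/old_value/new_value) are my own construction modelled on that index, not taken from the page.

```python
"""Flag _configtracker-style events that edit event-rewriting settings."""
import json
from dataclasses import dataclass

# props.conf keys that rewrite or reroute events at parse time.
# Assumption: the thread only names sed (SEDCMD-*); TRANSFORMS-* is watched
# too because it points at transforms.conf stanzas that can rewrite events.
PROPS_WATCHED_PREFIXES = ("SEDCMD-", "TRANSFORMS-")

# Files whose edits are examined. Every change inside transforms.conf is
# reported, since any stanza there can alter what reaches the indexers.
WATCHED_FILES = ("props.conf", "transforms.conf")

# Equivalent SPL against the real index (assumption: these are the field
# names the _configtracker events carry):
#   index=_configtracker data.path="*props.conf"
#     data.changes{}.properties{}.name="SEDCMD-*"


@dataclass(frozen=True)
class Finding:
    path: str
    action: str
    stanza: str
    name: str
    old_value: str
    new_value: str

    def describe(self) -> str:
        return (f"{self.action} {self.path} [{self.stanza}] {self.name}: "
                f"{self.old_value!r} -> {self.new_value!r}")


def find_tamper_risk_changes(raw_events):
    """Return a Finding for each watched property changed in the given
    _configtracker JSON events (raw strings). Unparseable lines are skipped."""
    findings = []
    for raw in raw_events:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue
        data = event.get("data", {})
        path = data.get("path", "")
        fname = path.rsplit("/", 1)[-1]
        if fname not in WATCHED_FILES:
            continue
        for change in data.get("changes", []):
            stanza = change.get("stanza", "")
            for prop in change.get("properties", []):
                name = prop.get("name", "")
                # In props.conf only the rewrite keys matter; transforms.conf
                # changes are reported whatever the key.
                if fname == "props.conf" and not name.startswith(PROPS_WATCHED_PREFIXES):
                    continue
                findings.append(Finding(path, data.get("action", ""), stanza, name,
                                        prop.get("old_value", ""),
                                        prop.get("new_value", "")))
    return findings


def _event(path, action, stanza, props):
    """Build one constructed event in the _configtracker shape assumed above."""
    return json.dumps({"datetime": "08-21-2023 10:15:02.101 +0000",
                       "log_level": "INFO", "component": "ConfigChange",
                       "data": {"path": path, "action": action,
                                "changes": [{"stanza": stanza, "properties": [
                                    {"name": n, "old_value": o, "new_value": v}
                                    for n, o, v in props]}]}})


# Constructed sample events: one SEDCMD addition, one harmless TRUNCATE edit,
# one new transforms.conf stanza, one inputs.conf edit, one garbage line.
SAMPLE_EVENTS = [
    _event("/opt/splunk/etc/apps/search/local/props.conf", "update",
           "source::/var/log/auth.log",
           [("SEDCMD-strip-user", "", "s/user=\\S+/user=REDACTED/g")]),
    _event("/opt/splunk/etc/apps/search/local/props.conf", "update",
           "source::/var/log/auth.log", [("TRUNCATE", "10000", "20000")]),
    _event("/opt/splunk/etc/apps/search/local/transforms.conf", "add",
           "rewrite_source",
           [("REGEX", "", "."), ("DEST_KEY", "", "MetaData:Source")]),
    _event("/opt/splunk/etc/apps/search/local/inputs.conf", "update",
           "monitor:///var/log/auth.log", [("disabled", "0", "1")]),
    "not json at all",
]


if __name__ == "__main__":
    for finding in find_tamper_risk_changes(SAMPLE_EVENTS):
        print(finding.describe())
```

Run as-is it reports the SEDCMD addition and both properties of the new transforms.conf stanza and stays silent on the TRUNCATE and inputs.conf edits; in practice you would feed it the JSON of a saved search over index=_configtracker, or port the same filter into an SPL alert.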