STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

Splunk Enterprise must use HTTPS/SSL for access to the user interface.

DISA Rule

SV-221607r508660_rule

Vulnerability Number

V-221607

Group Title

SRG-APP-000156-AU-002380

Rule Version

SPLK-CL-000060

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

Edit the following file in the installation to configure Splunk to use SSL certificates:

$SPLUNK_HOME/etc/system/local/web.conf

(Note that these files may exist in one of the following folders or its subfolders:
$SPLUNK_HOME/etc/apps/
$SPLUNK_HOME/etc/slave-apps/)

[settings]
enableSplunkWebSSL = true
privKeyPath = <path to the private key generated for the DoD approved certificate>
serverCert = <path to the DoD approved certificate in PEM format>

Check Contents

This check is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

If the instance being reviewed is not used as a search head, this check is N/A.

Select Settings >> Server Settings >> General Settings and verify that Enable SSL in Splunk Web is set.

If Enable SSL is not set, this is a finding.
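The check above is done in the Splunk Web UI; the same settings from the Fix Recommendation can also be verified directly in web.conf. The following is an added example, not part of the STIG or of Splunk: the function names, the accepted "true"/"1" values and the sample paths are assumptions made for illustration.

```python
import re

TRUE_VALUES = {"true", "1"}  # assumption: values this example treats as "enabled"

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}; later keys win."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def audit_web_conf(text):
    """Return a list of findings; an empty list means all three settings are present."""
    settings = parse_conf(text).get("settings", {})
    findings = []
    if settings.get("enableSplunkWebSSL", "").lower() not in TRUE_VALUES:
        findings.append("enableSplunkWebSSL is not enabled")
    for key in ("privKeyPath", "serverCert"):
        value = settings.get(key, "")
        # An unfilled <...> template value counts as not configured.
        if not value or value.startswith("<"):
            findings.append(f"{key} is not set to a real path")
    return findings

# Constructed sample inputs; the paths are placeholders, not values from the STIG.
COMPLIANT = """[settings]
enableSplunkWebSSL = true
privKeyPath = etc/auth/example/splunkweb.key
serverCert = etc/auth/example/splunkweb.pem
"""
NONCOMPLIANT = """# SSL left disabled, template text never replaced
[settings]
enableSplunkWebSSL = false
privKeyPath = <path to the private key generated for the DoD approved certificate>
"""

if __name__ == "__main__":
    for name, text in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, audit_web_conf(text) or "no findings")
```

Because web.conf may exist in several folders, run the audit against the file Splunk actually applies on the search head, or against each copy found.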

Documentable

False

Severity Override Guidance

This check is performed on the machine used as a search head, which may be a separate machine in a distributed environment.

If the instance being reviewed is not used as a search head, this check is N/A.

Select Settings >> Server Settings >> General Settings and verify that Enable SSL in Splunk Web is set.

If Enable SSL is not set, this is a finding.

Check Content Reference

M

Target Key

4082
