STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:SV-221607r508660_rule
V-221607
SRG-APP-000156-AU-002380
SPLK-CL-000060
CAT II
10
This configuration is performed on the machine used as a search head, which may be a separate machine in a distributed environment.
Edit the following file in the installation to configure Splunk to use SSL certificates:
$SPLUNK_HOME/etc/system/local/web.conf
(Note that these files may exist in one of the following folders or its subfolders:
$SPLUNK_HOME/etc/apps/
$SPLUNK_HOME/etc/slave-apps/)
[settings]
enableSplunkWebSSL = true
privKeyPath = <path to the private key generated for the DoD approved certificate>
serverCert = <path to the DoD approved certificate in PEM format>
This check is performed on the machine used as a search head, which may be a separate machine in a distributed environment.
If the instance being reviewed is not used as a search head, this check in N/A.
Select Settings >> Server Settings >> General Settings and verify that Enable SSL in Splunk Web is set.
If Enable SSL is not set, this is a finding.
V-221607
False
SPLK-CL-000060
This check is performed on the machine used as a search head, which may be a separate machine in a distributed environment.
If the instance being reviewed is not used as a search head, this check in N/A.
Select Settings >> Server Settings >> General Settings and verify that Enable SSL in Splunk Web is set.
If Enable SSL is not set, this is a finding.
M
4082