STIGQter: STIG Summary: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

Splunk Enterprise installation directories must be secured.

DISA Rule

SV-221935r508660_rule

Vulnerability Number

V-221935

Group Title

SRG-APP-000118-AU-000100

Rule Version

SPLK-CL-000100

Severity

CAT II

CCI(s)

CCI-001493 - The information system protects audit tools from unauthorized access.
CCI-001494 - The information system protects audit tools from unauthorized modification.
CCI-001495 - The information system protects audit tools from unauthorized deletion.
CCI-000162 - The information system protects audit information from unauthorized access.
CCI-000163 - The information system protects audit information from unauthorized modification.
CCI-000164 - The information system protects audit information from unauthorized deletion.

Weight

Fix Recommendation

This fix must be done as a server administrator.

From an Explorer window, right-click on the Splunk target installation folder and select Properties.

Select the Security tab >> Advanced >> Disable inheritance >> Convert inherited permissions into explicit permissions on this object.

Remove all permission entries except Administrators and SYSTEM, and select OK.

Check Contents

This check must be done as a server administrator.

From an Explorer window, right-click on the Splunk target installation folder and select Properties.

Select the Security tab and then the Advanced button.

Verify that Administrators and SYSTEM are the only accounts listed and are set to Full Control.

If accounts other than Administrators and SYSTEM are listed, this is a finding.

Splunk Enterprise installation directories must be secured.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments