Splunk vulnerability analysis – CVE-2024-29946 & CVE-2024-29945 in relation to a common threat model. DISCLAIMER – The author of this blog shall not be held responsible for any negative outcomes that may occur as a result of following advice given in this blog. Caveat emptor – use advice and ideas presented in this blog at your own risk.
Splunk Enterprise (on-premises) can be setup in a vast number of ways, including hardening through network segregation. Splunk components chosen in the diagram are there to highlight where and why trust boundaries may or should be implemented.
This is a follow-up to my previous blog on Auditd and Splunk. That one was about Defender ATP and Proxmox and license consumption. I did not really touch the subject of a good Auditd baseline configuration.
This blog post offers a few simple tricks and tips that will ensure that your security controls do not interfere with each other. The tricks are not really tricks, just plain old configurations which offers food for thought. As we know, Splunk is the most complex beast of a software out there.
Managing a Splunk installation can be a complex task, but with proper tools and processes, it will become a lot more approachable. Recently, a customer wanted to have a Splunk environment that they could install and manage with Ansible. So that is what we created.
Mint Security tarjoaa Splunkia käyttäville erilaisia lisäarvollisia Splunk konsultointipalveluita jolla saadaan omasta ympäristöstä kaikki irti – turvallisesti.
Clustered Splunk Enterprise installations are mainly managed by the related management nodes. Indexer Cluster with the Cluster Master and Search Head Cluster with the Search Head Cluster Deployer. Without an additional process of change management, there is no way to easily track down what has been changed, by who and when.
Mint Security has a set of predefined delivery models to choose from. These are based on best practices and experience.
Team Mint Security participated in the BOTS or BOSS of the SOC event which took place in Helsinki on the 13th of March. BOSS of the SOC is a Capture-the-flag (CTF) event using Splunk technology.
So, you’ve got your Splunk Enterprise up and running and collecting data from some of your systems. A few dashboards have been created too and life is good. But perhaps, there could be more .
Mint Security is a Splunk partner and a license reseller. In addition, Mint Security provides a vast range of überconsulting for Splunk. From a single server to clustered multisite setups with integrated SSO and 2FA.
Splunk Enterprise is known as a de-facto do-it-all log collector, that in reality is fairly easy to start with, but can be complex to master.
