Prior to these updates, Splunk platform instances did not specifically verify the host name information within the TLS certificate that they received when they connected to other instances or APIs. Most of these improvements center around how the Splunk platform handles TLS certificates. TLS certificates can be configured and validated for nearly all Splunk platform instance types, including indexers, indexer clusters, search heads, search head cluster nodes, deployers, forwarders, deployment servers, license servers, and App Key Value Store. The certificates verify that the Splunk platform instances that make the connection are who they say they are. Each connection uses a TLS certificate to establish the secure connection. Splunk platform components use Transport Layer Security (TLS) to connect securely to one another and internal and external APIs.

Follow the links in the "Summary of changes" table for details on how to activate the improvements in your environment.

You must assign additional capabilities to run some risky and custom search commands.

A detailed listing of the changes follows.

Risky search command safeguard improvements

Universal forwarders now support the least-privileged user model for operations on Linux machines.

Communication protocols between deployment clients and servers, including handshake, subscription, and heartbeat logic, change.

Deployment clients require authentication to download or execute forwarder bundles.

Universal forwarders always validate connections from other Splunk platform instances.

The Splunk Command Line Interface (CLI) validates TLS certificates for any connections it makes to other Splunk platform instances.

Python modules on Splunk platform instances always validate TLS connections.

Splunk platform instances verify the hostname in the TLS certificate they receive when they connect to other Splunk platform instances.
The following table lists a summary of the changes, the Splunk platforms on which the changes ship, the enforcement mode in which they currently operate, and links to procedures on how to configure Splunk software to enforce the changes. To understand the modes and how they affect your Splunk platform deployment, see Understand warning mode versus enforcement mode for security updates later in this topic. The table in the "Summary of changes" section of this topic provides a summary of the changes, and the following sections provide additional details.

All of these changes come in one of two operational modes.