
Splunk Enterprise forwarders must be configured with Indexer Acknowledgement enabled.


Overview

Finding ID: V-221936
Version: SPLK-CL-000175
Rule ID: SV-221936r961863_rule
IA Controls:
Severity: Low
Description
To prevent the loss of data during transmission, a handshake acknowledgement between the sender and the recipient may need to be configured.
STIG: Splunk Enterprise 7.x for Windows Security Technical Implementation Guide
Date: 2024-06-10

Details

Check Text (C-23650r420276_chk)
If the server being reviewed is not a forwarder, this check is N/A.

In the Splunk installation folder, check the following file in the $SPLUNK_HOME/etc/system/local folder:

outputs.conf

Locate the section similar to:

[tcpout:group1]
useACK=true

Note that group1 may be named differently depending on how tcpout was configured.

If the useACK=true statement is missing or set to false, this is a finding.
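
The check above can be scripted. The following PowerShell is an added example, not part of the STIG or of Splunk's tooling; the function name Test-SplunkIndexerAck and the sample outputs.conf content are constructed for illustration. It reads the check literally: only the value true inside each [tcpout:<group>] stanza passes, and a missing or different value is reported as a finding.

```powershell
# Added example: literal automation of the check text. The function name and
# the sample data are constructed; they are not part of the STIG or of Splunk.
function Test-SplunkIndexerAck {
    param([string[]]$Lines)
    $groups  = [ordered]@{}   # stanza name -> useACK value ($null when absent)
    $current = $null
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }   # blank / comment
        if ($line -cmatch '^\[(tcpout:[^\]]+)\]$') {
            $current = $Matches[1]                # target group, e.g. tcpout:group1
            if (-not $groups.Contains($current)) { $groups[$current] = $null }
        } elseif ($line.StartsWith('[')) {
            $current = $null                      # any other stanza, e.g. [tcpout]
        } elseif ($current -and $line -cmatch '^useACK\s*=\s*(.*)$') {
            $groups[$current] = $Matches[1].Trim()
        }
    }
    # One result row per group; no rows means no [tcpout:<group>] stanza exists.
    foreach ($name in $groups.Keys) {
        $value = $groups[$name]
        [pscustomobject]@{
            Stanza  = $name
            UseACK  = if ($null -eq $value) { '<missing>' } else { $value }
            Finding = ($value -ne 'true')         # missing or not true is a finding
        }
    }
}

# Constructed sample outputs.conf (addresses are documentation-range placeholders).
$sample = @'
[tcpout]
defaultGroup = group1

[tcpout:group1]
server = 192.0.2.10:9997
useACK = true

[tcpout:group2]
server = 192.0.2.11:9997
useACK = false

[tcpout:group3]
server = 192.0.2.12:9997
'@ -split "`r?`n"

Test-SplunkIndexerAck -Lines $sample | Format-Table -AutoSize
# Real file (assumes SPLUNK_HOME is set): -Lines (Get-Content "$env:SPLUNK_HOME\etc\system\local\outputs.conf")
```

With the constructed sample, group1 passes while group2 (set to false) and group3 (statement missing) are flagged.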

Fix Text (F-23639r420277_fix)
If the server is not a forwarder, this check is N/A.

In the Splunk installation folder, edit the following file in the $SPLUNK_HOME/etc/system/local folder:

outputs.conf

Locate the section similar to:

[tcpout:group1]

Note that group1 may be named differently depending on how tcpout was configured.

Add the following line under the group stanza above:

useACK=true