UCF STIG Viewer Logo

Splunk Enterprise must use TCP for data transmission.


Overview

Finding ID Version Rule ID IA Controls Severity
V-251675 SPLK-CL-000270 SV-251675r819097_rule Medium
Description
If the UDP protocol is used for communication, then data packets that do not reach the server are not detected as a data loss. The use of TCP to transport data improves delivery reliability, adds data integrity, and gives the option to encrypt the traffic.
STIG Date
Splunk Enterprise 8.x for Linux Security Technical Implementation Guide 2022-06-07

Details

Check Text ( C-55113r819095_chk )
This check is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.

Examine the configuration.

Navigate to the $SPLUNK_HOME/etc/system/local/ directory. View the inputs.conf file.

If any input is configured to use a UDP port, this is a finding.
Fix Text (F-55067r819096_fix)
This configuration is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.

Navigate to $SPLUNK_HOME/etc/system/local/

Modify the inputs.conf file to replace any input that is using a UDP port with a TCP port.