Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-251675 | SPLK-CL-000270 | SV-251675r819097_rule | | Medium |
Description |
---|
If the UDP protocol is used for communication, then data packets that do not reach the server are not detected as a data loss. The use of TCP to transport data improves delivery reliability, adds data integrity, and gives the option to encrypt the traffic. |
STIG | Date |
---|---|
Splunk Enterprise 8.x for Linux Security Technical Implementation Guide | 2022-06-07 |
Check Text ( C-55113r819095_chk ) |
---|
This check is performed on the machine used as an indexer, which may be a separate machine in a distributed environment. Examine the configuration. Navigate to the $SPLUNK_HOME/etc/system/local/ directory. View the inputs.conf file. If any input is configured to use a UDP port, this is a finding. |
Fix Text (F-55067r819096_fix) |
---|
This configuration is performed on the machine used as an indexer, which may be a separate machine in a distributed environment. Navigate to the $SPLUNK_HOME/etc/system/local/ directory. Modify the inputs.conf file to replace any input that is using a UDP port with a TCP port. |
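
One way to script the check described above. This is an added example, not part of the STIG. The function names `find_udp_inputs` and `write_sample_conf` and the sample file contents are constructed for illustration. It reports every active `[udp:...]` stanza in an inputs.conf file and ignores commented-out lines.

```shell
#!/bin/sh
# Added example: report UDP input stanzas in a Splunk inputs.conf.
# Prints "<line>:<stanza>" per UDP stanza.
# Returns 0 = no UDP inputs, 1 = finding, 2 = file unreadable.
find_udp_inputs() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                 # commented-out lines are not active config
        /^[ \t]*\[/ {                       # stanza header, e.g. [udp://514]
            stanza = $0
            gsub(/^[ \t]+|[ \t]+$/, "", stanza)
            if (tolower(stanza) ~ /^\[udp:/) { print NR ":" stanza; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$conf"
}

# Constructed sample inputs.conf for the demo (not taken from a real system).
write_sample_conf() {
    cat > "$1" <<'EOF'
[default]
host = idx01

# [udp://514] commented out, must be ignored
[udp://514]
sourcetype = syslog

[tcp://1514]
sourcetype = syslog

[splunktcp://9997]
EOF
}

# Stand-alone demo; on an indexer, pass $SPLUNK_HOME/etc/system/local/inputs.conf.
sample=$(mktemp)
write_sample_conf "$sample"
findings=$(find_udp_inputs "$sample") && rc=0 || rc=$?
case "$rc" in
    0) echo "No UDP inputs: not a finding" ;;
    1) echo "Finding: UDP inputs configured:"; echo "$findings" ;;
    *) echo "Check could not be completed" ;;
esac
rm -f "$sample"
```

After the fix is applied, the same function should return 0 for the indexer's inputs.conf.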