| DISA_STIG_Splunk_Enterprise_8.x_for_Linux_OS_v1r3.audit from DISA Splunk Enterprise 8.x for Linux v1r3 STIG | |
| SPLK-CL-000010 - Splunk Enterprise idle session timeout must be set to not exceed 15 minutes. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000060 - Splunk Enterprise must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. - lockoutAttempts | ACCESS CONTROL |
| SPLK-CL-000060 - Splunk Enterprise must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. - lockoutThresholdMins | ACCESS CONTROL |
| SPLK-CL-000070 - Splunk Enterprise must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded. | ACCESS CONTROL |
| SPLK-CL-000090 - Splunk Enterprise must be configured to protect the log data stored in the indexes from alteration. | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000120 - The System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on the defined security plan. | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000190 - Splunk Enterprise installation directories must be secured. | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000340 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one uppercase character be used. | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000350 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one lowercase character be used. | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000360 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one numeric character be used. | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000370 - Splunk Enterprise must be configured to enforce a minimum 15-character password length. | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000380 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one special character be used. | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000400 - Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction. | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000410 - Splunk Enterprise must be configured to prohibit password reuse for a minimum of five generations. - enablePasswordHistory | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000410 - Splunk Enterprise must be configured to prohibit password reuse for a minimum of five generations. - passwordHistoryCount | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - inputs.conf ciphersuite | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - inputs.conf ecdhCurves | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - inputs.conf sslVersions | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - ldap.conf TLS_CIPHER_SUITE | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - ldap.conf TLS_PROTOCOL_MIN | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - outputs.conf ciphersuite | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - outputs.conf ecdhCurves | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - outputs.conf sslVersions | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - server.conf ciphersuite | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - server.conf ecdhCurves | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - server.conf sslVersions | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - web.conf ciphersuite | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - web.conf ecdhCurves | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms. - web.conf sslVersions | IDENTIFICATION AND AUTHENTICATION |
