About securing Splunk software
During and after your Splunk installation, you must take steps to secure both your configuration and your data. Taking the proper steps to secure your Splunk installation reduces its attack surface and mitigates the risk and impact of most vulnerabilities. Some steps are simple, such as making sure your physical servers are secure and that your passwords are managed properly. Others, such as configuring encryption, are a bit more complex but important to the integrity of your data.
This manual describes all of the areas of security that should be included in your configuration:
- Install Splunk software securely
- Manage users and role-based access control using your chosen form of authentication
- Use certificates to secure indexers, forwarders, and Splunk Web, where data is most vulnerable
- Use encryption to secure your configuration information
- Use auditing to keep track of activity in your system.
Use the How to secure and harden your Splunk software installation as a checklist and roadmap to ensure that you make your configuration and data as secure as possible.
How to secure and harden your Splunk software installation
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2