DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS

Audit Details

Name: DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS

Updated: 8/28/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 15

File Details

Filename: DISA_STIG_Splunk_Enterprise_8.x_for_Linux_OS_v2r1.audit

Size: 45.1 kB

MD5: 0ae81cf0079c891c89d9bd694bd58537

SHA256: 896ea836926aa8b9f4d2192e7c4d0c0cf9536f4a70d070b597b091ae57c948ed

Audit Items

Description	Categories
DISA_STIG_Splunk_Enterprise_8.x_for_Linux_OS_v2r1.audit from DISA Splunk Enterprise 8.x for Linux v2r1 STIG
SPLK-CL-000010 - Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.	ACCESS CONTROL
SPLK-CL-000060 - Splunk Enterprise must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.	ACCESS CONTROL
SPLK-CL-000070 - Splunk Enterprise must automatically lock the account until the locked account is released by an administrator when three unsuccessful login attempts in 15 minutes are exceeded.	ACCESS CONTROL
SPLK-CL-000090 - Splunk Enterprise must be configured to protect the log data stored in the indexes from alteration.	AUDIT AND ACCOUNTABILITY
SPLK-CL-000120 - The System Administrator (SA) and Information System Security Manager (ISSM) must configure the retention of the log records based on the defined security plan.	AUDIT AND ACCOUNTABILITY
SPLK-CL-000190 - Splunk Enterprise installation directories must be secured.	AUDIT AND ACCOUNTABILITY
SPLK-CL-000340 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one uppercase character be used.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000350 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one lowercase character be used.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000360 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one numeric character be used.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000370 - Splunk Enterprise must be configured to enforce a minimum 15-character password length.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000380 - Splunk Enterprise must be configured to enforce password complexity by requiring that at least one special character be used.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000400 - Splunk Enterprise must be configured to enforce a 60-day maximum password lifetime restriction.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000410 - Splunk Enterprise must be configured to prohibit password reuse for a minimum of five generations.	IDENTIFICATION AND AUTHENTICATION
SPLK-CL-000430 - Splunk Enterprise must use TLS 1.2 and SHA-2 or higher cryptographic algorithms.	IDENTIFICATION AND AUTHENTICATION

Detections

Analytics

DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS

Audit Details

File Details

Audit Items