6 matches found
CVE-2022-43572
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing...
CVE-2022-43572 Indexing blockage via malformed data sent through S2S or HEC protocols in Splunk Enterprise
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing...
PT-2022-26975 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 9.0.2. Description: The issue occurs when a malformed file is sent through the Splunk-to-Splunk (S2S) or HTTP Event Collecto...
The first Zbrunk dashboard and other news
The long New Year holiday season in Russia was not in vain. I had time to work on Zbrunk. As you can see, I made my first dashboard and added other features. No more timestamps in code: I added functions to get Unix timestamps from lines in human-readable time format, e.g. "2019.12.10 13:00:00"...
Sending tables from Atlassian Confluence to Splunk
Sometimes when we make automated analysis with Splunk, it might be necessary to use information that was entered or edited manually. For example, the classification of network hosts: do they belong to the PCI-DSS Scope or another group of critical hosts or not. In this case, Confluence can be quite ...
How to correlate different events in Splunk and make dashboards
Recently I've spent some time dealing with Splunk. Despite the fact that I have already done various Splunk searches before, for example in "Tracking software versions using Nessus and Splunk", the correlation of different events in Splunk seems to be a very different task. And there are not so many...