Splunk Enterprise Information Disclosure

Description

This search allows you to look for evidence of exploitation for CVE-2018-11409, a Splunk Enterprise Information Disclosure Bug.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Security Monitoring

Category

Vulnerability

Alert Volume

This search allows you to look for evidence of exploitation for CVE-2018-11409, a Splunk Enterprise Information Disclosure Bug.

SPL Difficulty

None

Journey

Stage 3

Kill Chain Phases

Delivery

Data Sources

Any Splunk Logs

   Help

Splunk Enterprise Information Disclosure Help

The REST endpoint that exposes system information is also necessary for the proper operation of Splunk clustering and instrumentation. Whitelisting your Splunk systems will reduce false positives.

   Search

Open in Search