- Documentation: https://docs.splunk.com/Documentation/Splunk/8.0.2/Security/UseAuthTokens
- Summary: Splunk is a company providing data analysis software. This detector focuses on detecting tokens used to access Splunk's API.
- IPs allowlist: It is not possible to set an IP allowlist for an individual token. The token shares the allowlist of the instance.
- Scopes: Different scopes can be selected when creating a token. For example, a token may grant access to only one server.
This can be done by the user who issued the token or an administrator.
Access logs are available on the Enterprise instance as described in the access logs documentation.
Category: Development tool
High recall: False
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 2.54
- type: ContentWhitelistPreValidator
  patterns:
    - splunk
- text: "SPLUNK_TOKEN1 = '851A5E58-4EF1-7291-F947-F614A7654321'"
  token: 851A5E58-4EF1-7291-F947-F614A7654321
- text: "splunk-token=176fcebf-4cf5-4edf-91bc-703796554321"
  token: 176fcebf-4cf5-4edf-91bc-703796554321
- text: |
    some context with the word splunk somewhere
    access_token: '08243c00-a31b-499d-9fae-776b41994321'"
  token: 08243c00-a31b-499d-9fae-776b41994321
- text: -Dsplunk_token=D6BD1AD4-CB62-4D80-A637-350CE2B14321\
  token: D6BD1AD4-CB62-4D80-A637-350CE2B14321
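
The pre-validator and example texts above can be exercised with a small scanner. This is an added example, not the detector's own code: the UUID token shape and the "key containing `token`" rule are assumptions inferred from the four examples, and the function and constant names are hypothetical.

```python
import re

# Assumption: tokens have the UUID shape of the four example tokens on this page.
UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Assumption: the value is assigned (= or :) to a key whose name contains "token".
ASSIGNMENT = re.compile(
    r"(?i)[\w.-]*token[\w.-]*\s*[:=]\s*['\"]?(" + UUID + r")(?![0-9a-fA-F-])"
)
# From the page: ContentWhitelistPreValidator with the single pattern "splunk".
PREVALIDATOR_PATTERNS = ("splunk",)


def prevalidate(content: str) -> bool:
    """Cheap gate: only documents mentioning Splunk are scanned at all."""
    lowered = content.lower()
    return any(pattern in lowered for pattern in PREVALIDATOR_PATTERNS)


def find_splunk_tokens(content: str) -> list[str]:
    """Return candidate tokens, or [] when the pre-validator rejects the content."""
    if not prevalidate(content):
        return []
    return [match.group(1) for match in ASSIGNMENT.finditer(content)]


# The four example texts from the page, plus two constructed negatives.
SAMPLES = [
    "SPLUNK_TOKEN1 = '851A5E58-4EF1-7291-F947-F614A7654321'",
    "splunk-token=176fcebf-4cf5-4edf-91bc-703796554321",
    "some context with the word splunk somewhere\n"
    "access_token: '08243c00-a31b-499d-9fae-776b41994321'",
    "-Dsplunk_token=D6BD1AD4-CB62-4D80-A637-350CE2B14321\\",
    # Constructed: same token shape, but no "splunk" anywhere in the content.
    "access_token: '08243c00-a31b-499d-9fae-776b41994321'",
    # Constructed: mentions splunk, but the UUID is not assigned to a token key.
    "splunk request_id = 11111111-2222-3333-4444-555555555555",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(find_splunk_tokens(sample), "<-", repr(sample))
```

The two constructed negatives show why the pre-validator matters: a bare UUID is too common a shape to flag without the surrounding Splunk context.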