- Documentation: https://docs.splunk.com/Documentation/Splunk/8.1.0/Security/Secureyouradminaccount
- Summary: Splunk is a company providing data analysis software. This detector focuses on detecting admin credentials for Splunk Enterprise.
- IPs allowlist: It is possible to restrict access to a Splunk Enterprise instance; this is documented here.
- Scopes: These credentials are the admin credentials; they have full access to the instance.
The password can be reset as described in the documentation.
Access logs are available on the Enterprise instance as described in the access logs documentation.
Splunk user seed
Category: Development tool
High recall: False
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.03
- type: FilenameWhitelistPreValidator
  whitelist_extensions:
  whitelist_filenames:
    - user-seed.conf
  whitelist_filepaths:

- text: |
    [user_info]
    USERNAME = hello
    PASSWORD = splunkme
  username: hello
  password: splunkme
  filename: user-seed.conf
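The following sketch shows how the filename pre-validator and the two-match minimum above combine into one check. It is an added example, not the detector's own code: the function names, the use of Python's `configparser`, and the case-insensitive key lookup are assumptions, and the sample file contents are constructed from the example on this page.

```python
import configparser
from pathlib import PurePosixPath

ALLOWED_FILENAMES = {"user-seed.conf"}  # whitelist_filenames on this page
MIN_MATCHES = 2                         # "Minimum number of matches: 2"


def find_splunk_seed(path, content):
    """Return {'username': ..., 'password': ...} for a seed file, else None."""
    # Pre-validation: only files named user-seed.conf are inspected at all.
    if PurePosixPath(path).name not in ALLOWED_FILENAMES:
        return None
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(content)
    except configparser.Error:
        return None  # not parseable as an INI-style conf file
    if not parser.has_section("user_info"):
        return None
    section = parser["user_info"]
    # configparser lowercases keys, so USERNAME/PASSWORD match in any case
    # (an assumption made for this example).
    matches = {}
    for key in ("username", "password"):
        value = section.get(key, "").strip()
        if value:
            matches[key] = value
    # Both values must be present; a lone username or password is not reported.
    return matches if len(matches) >= MIN_MATCHES else None


def scan_commit(files):
    """files maps path -> text; return the sorted paths that hold a seed."""
    return sorted(p for p, text in files.items() if find_splunk_seed(p, text))


# Constructed sample input, based on the example on this page.
SEED = "[user_info]\nUSERNAME = hello\nPASSWORD = splunkme\n"
SAMPLE_COMMIT = {
    "etc/system/local/user-seed.conf": SEED,
    "docs/notes.txt": SEED,                              # wrong filename
    "backup/user-seed.conf": "[user_info]\nUSERNAME = hello\n",  # one match
}

if __name__ == "__main__":
    for flagged in scan_commit(SAMPLE_COMMIT):
        print("Splunk user seed found in", flagged)
```
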