Skip to main content

Splunk User Credentials



  • Documentation:
  • Summary: Splunk is a company providing data analysis software. This detector focuses on detecting admin credentials for Splunk Enterprise.
  • IPs allowlist: It is possible to restrict access to a Splunk Enterprise instance, this is documented here.
  • Scopes: These credentials are the admin credentials, they have full access to the instance.

Revoke the secret

The password can be reset as described in the documentation.

Check for suspicious activity

Access logs are available on the Enterprise instance as described in the access logs documentation.

Details for Splunk user seed

  • Family: Other

  • Category: Monitoring

  • Company: Splunk

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.03

  • Prefixed: False

  • PreValidators:

- type: FilenameWhitelistPreValidator
whitelist_extensions: []
- user-seed.conf
whitelist_filepaths: []


- text: |
USERNAME = hello
PASSWORD = spluqkuc
username: hello
password: spluqkuc

How can I help you ?