Splunk Enterprise idle session timeout must be set to not exceed 15 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-221938 | SPLK-CL-000190 | SV-221938r879673_rule | Medium |
| Description |
|---|
| Automatic session termination after a period of inactivity addresses the potential for a malicious actor to exploit the unattended session. Closing any unattended sessions reduces the attack surface to the application. |
| STIG | Date |
|---|---|
| Splunk Enterprise 7.x for Windows Security Technical Implementation Guide | 2023-06-09 |
Details
| Check Text ( C-23652r420282_chk ) |
|---|
| Select Settings >> Server Settings >> General Settings and verify that Session timeout is set to 15 minutes or less. If Splunk is not configured to 15 minutes or less, this is a finding. |
| Fix Text (F-23641r420283_fix) |
|---|
| Select Settings >> Server Settings >> General Settings and set Session timeout to 15 minutes or less. |