LoFP
/
splunk server
Title
Tags
irregular path with files that may be purposely called for benign reasons may produce false positives.
t1190
splunk server
splunk
none identified
t1048
t1048.003
t1070
t1204.002
t1546
t1546.011
t1566
t1566.001
splunk server
endpoint
splunk
only applies to affected versions of splunk enterprise below 9.2.1, 9.1.4, and 9.0.9
T1654
splunk server
splunk
retrieving server information may be a legitimate api request. verify that the attempt is a valid request for information.
splunk server
splunk
this is a hunting search and will produce false positives. operator must follow results into instances where curl requests coming from actual users may indicate intent of exploitation.
t1548
splunk server
splunk
this search encompasses many commands.
t1202
t1548
splunk server
splunk
this search is highly specific for vulnerable versions of splunk add-on builder. there are no known false positives.
t1082
splunk server
splunk
LoFP
/
splunk server