Sample rules
Splunk DOS Via Dump SPL Command
- source: splunk
- techniques:
- T1499.004
Description
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can exploit a vulnerability in the dump SPL command to cause a Denial of Service by crashing the Splunk daemon.
Detection logic
`splunk_crash_log` "*Segmentation fault*"
| stats count by host _time
| `splunk_dos_via_dump_spl_command_filter`
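The search above reads splunkd crash logs, keeps those containing "Segmentation fault", counts them per host and timestamp, and then passes the rows through a tuning macro. The Python below is an added example (not Splunk's own content) that replays the same three stages over constructed sample events; it assumes the `splunk_crash_log` macro returns events with `host`, `_time` and `_raw` fields, and models the `_filter` macro as a set of suppressed hosts.

```python
import re
from collections import Counter

# Constructed sample events with the fields the `splunk_crash_log` macro is
# assumed to return (host, _time as epoch seconds, _raw). The _raw text is
# modelled on splunkd crash-log wording, not copied from a real crash file.
SAMPLE_EVENTS = [
    {"host": "sh-01", "_time": 1690000000,
     "_raw": "Received fatal signal 11 (Segmentation fault).\n Cause: Signal sent by the kernel."},
    {"host": "sh-01", "_time": 1690000000,
     "_raw": "Received fatal signal 11 (Segmentation fault).\n Crashing thread: SearchPipeline"},
    {"host": "idx-02", "_time": 1690003600,
     "_raw": "Received fatal signal 11 (segmentation fault)."},
    {"host": "idx-03", "_time": 1690007200,
     "_raw": "Received fatal signal 6 (Aborted)."},   # a crash, but not this signature
]


def spl_term_match(raw, term="*Segmentation fault*"):
    """Approximate an SPL quoted search term with * wildcards: case-insensitive,
    '*' matches any run of characters, newlines included."""
    regex = ".*".join(re.escape(part) for part in term.split("*"))
    return re.fullmatch(regex, raw, re.IGNORECASE | re.DOTALL) is not None


def stats_count_by_host_time(events, term="*Segmentation fault*"):
    """`<term> | stats count by host _time`: one row per (host, _time) pair."""
    return Counter((e["host"], e["_time"]) for e in events if spl_term_match(e["_raw"], term))


def dos_via_dump_spl_command_filter(rows, suppressed_hosts=()):
    """Stand-in for the `splunk_dos_via_dump_spl_command_filter` macro. Such
    *_filter macros ship empty and are edited locally to drop known-benign
    results; here the tuning knob is a set of hosts to suppress (assumption)."""
    return {key: n for key, n in rows.items() if key[0] not in suppressed_hosts}


def run_detection(events=SAMPLE_EVENTS, suppressed_hosts=()):
    """Full pipeline; returns [(host, _time, count)] sorted for stable output."""
    rows = dos_via_dump_spl_command_filter(stats_count_by_host_time(events), suppressed_hosts)
    return sorted((h, t, n) for (h, t), n in rows.items())


if __name__ == "__main__":
    for host, when, count in run_detection():
        print(f"{host} _time={when} segfault_crashes={count}")
```

Two segfault events on the same host at the same `_time` collapse into one row with count 2, while the `Aborted` crash on idx-03 never reaches the stats stage; a sudden run of such rows on search heads is the signal the rule is built to surface.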