Techniques
Sample rules
Splunk protocol impersonation weak encryption simplerequest
- source: splunk
- techniques:
- T1588.004
Description
In Splunk version 9, the Python 3 client libraries verify server certificates by default and use the CA certificate store. This search warns a user about a failure to validate a certificate using a Python 3 request.
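The state named in the log message this search matches, certificate validation enabled without hostname verification, can be reproduced with Python's standard `ssl` module. The following is an added example, not Splunk's code: the function names and host names are hypothetical, and `would_accept` is a simplified model of the client's decision rather than the TLS library's implementation.

```python
import ssl

def classify(ctx: ssl.SSLContext) -> str:
    """Name the certificate-checking state of a client-side SSLContext."""
    if ctx.verify_mode == ssl.CERT_NONE:
        return "no-validation"
    if not ctx.check_hostname:
        return "validation-without-hostname"  # the state the search flags
    return "full-validation"

def build_contexts() -> dict:
    """Construct one context per state, using only standard-library settings."""
    full = ssl.create_default_context()        # CERT_REQUIRED, check_hostname=True
    chain_only = ssl.create_default_context()
    chain_only.check_hostname = False          # verify_mode stays CERT_REQUIRED
    none = ssl.create_default_context()
    none.check_hostname = False                # must be cleared before CERT_NONE
    none.verify_mode = ssl.CERT_NONE
    return {"full": full, "chain_only": chain_only, "none": none}

def name_matches(pattern: str, host: str) -> bool:
    """Simplified name check: exact match, or one leftmost '*' label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def would_accept(ctx, chain_trusted: bool, cert_names: list, target: str) -> bool:
    """Model: would a client in this state accept the presented certificate?"""
    state = classify(ctx)
    if state == "no-validation":
        return True
    if not chain_trusted:
        return False
    if state == "validation-without-hostname":
        return True                            # any CA-trusted certificate passes
    return any(name_matches(n, target) for n in cert_names)

if __name__ == "__main__":
    # Constructed scenario: a CA-trusted certificate issued for a different host.
    for label, ctx in build_contexts().items():
        ok = would_accept(ctx, True, ["other.example.com"], "splunk.example.com")
        print(f"{label:10} {classify(ctx):28} accepts mismatched cert: {ok}")
```

In the `validation-without-hostname` state the client accepts any certificate that chains to a trusted CA, regardless of which host it was issued for.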
Detection logic
`splunk_python` "simpleRequest SSL certificate validation is enabled without hostname verification"
| stats count by host path
| `splunk_protocol_impersonation_weak_encryption_simplerequest_filter`