
V-251675

CAT II (Medium)

Splunk Enterprise must use TCP for data transmission.

Rule ID

SV-251675r961863_rule

STIG

Splunk Enterprise 8.x for Linux Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

If the UDP protocol is used for communication, then data packets that do not reach the server are not detected as a data loss. The use of TCP to transport data improves delivery reliability, adds data integrity, and gives the option to encrypt the traffic.

Check Content

This check is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.

Examine the configuration.

Navigate to the $SPLUNK_HOME/etc/system/local/ directory. View the inputs.conf file.

If any input is configured to use a UDP port, this is a finding.
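The check above can be scripted. The following is an added example, not part of the STIG: a POSIX shell audit that scans an inputs.conf for `[udp://...]` input stanzas. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Splunk inputs.conf for UDP network inputs (V-251675).

# find_udp_inputs FILE (hypothetical helper name)
# Prints "line N: [udp://...]" for each UDP input stanza header in FILE.
# Commented-out stanzas (lines starting with '#') are ignored.
find_udp_inputs() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[udp:\/\// {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            printf "line %d: %s\n", NR, $0
        }
    ' "$1"
}

# check_udp_inputs FILE (hypothetical helper name)
# Returns 0 when FILE has no UDP inputs, 1 when it has (a finding),
# 2 when FILE cannot be read and the result is undetermined.
check_udp_inputs() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    hits=$(find_udp_inputs "$1")
    if [ -n "$hits" ]; then
        echo "FINDING: UDP input(s) in $1"
        echo "$hits"
        return 1
    fi
    echo "OK: no UDP inputs in $1"
    return 0
}

# Constructed sample: one live UDP input and one commented-out UDP stanza.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[default]
host = idx01

# [udp://1514]
[udp://514]
sourcetype = syslog

[tcp://1514]
sourcetype = syslog
EOF

check_udp_inputs "$sample" || true   # reports line 5 as a finding
```

On the indexer, call `check_udp_inputs "$SPLUNK_HOME/etc/system/local/inputs.conf"`; a return status of 1 corresponds to a finding, and rerunning it after the fix confirms that no UDP stanza remains.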

Fix Text

This configuration is performed on the machine used as an indexer, which may be a separate machine in a distributed environment.

Navigate to $SPLUNK_HOME/etc/system/local/

Modify the inputs.conf file to replace any input that is using a UDP port with a TCP port.