2. ST Identification ST Title: Splunk Inc. Splunk 4.1.7 Security Target ST Version: 2.0 ST Publication Date: February 1, 2011 ST Author: Booz Allen Hamilton
12. TOE Security Functions IT Data Indexing Security Audit Cryptographic Support User Data Protection Identification and Authentication
13. THANK YOU
Notes de l'éditeur
Splunk CLI is the subsystem that consists of the Command-Line Interface. It has the same functionality as the Splunk Web subsystem except for visual presentation functionality, such as dashboards, charts, graphs, and typeahead. A user uses this subsystem by navigating the operating system‘s standard command-line interface to the folder in which the ―splunk‖ process resides. The user then issues the command ―splunk‖ to run the executable, but also adds the action the user wishes to perform as command-line arguments.
A legitimate user of the TOE could gain unauthorized access to resources or information protected by the TOE, or performs operations for which no access rights have been granted, via user error, system error, or other actions. An administrator may incorrectly install or configure the TOE, or install a corrupted TOE resulting in ineffective security mechanisms. A malicious user or process may view audit records and/or IT data, cause the records or information to be lost or modified, or prevent future audit records and IT data from being recorded, thus masking a user‘s action
A.ADMIN admins are assgined to install configure toeThe security features offered by the Operational Environment protect the files used by the TOE. The TOE will be located within controlled access facilities that will prevent unauthorized physical access
The TOE will provide measures to authorize users to access specified TOE resources once the user has been authenticated. User authorization is based on access rights configured by the authorized users of the TOE. The TOE will provide measures for determining security alerts when audit data or IT records that represent any of these alerts is recorded. The TOE‘s operating environment must satisfy the following objectives. OE.ADMIN One or more authorized administrators will The security features offered by the Operational Environment will protect the files used by the TOE.
Each IT data event has at least the date/time of the event, source, source type, and host name. Only authorized users are able to read the indexed IT data by performing searches on the TOE The TOE collects audit logs on TOE startup and shutdown, user login, and any user action on the system, including editing users and configuration The TOE utilizes OpenSSL packages to generate cryptographic keys utilizing the RSA algorithm with 1024-bit keys. The TOE will overwrite old keys whenever a new key is generated TOE utilizes an RBAC Policy which requires roles to be assigned to users to perform anything but the most basic functions of the TOE