I don’t think Splunk has anti-malware software. Their solution collects events (logs) from various detection services and collates the data so that an analyst can see what was going on in a system at a point in time.
Came here to say the same, you beat me to it. Splunk does log collection, analysis, visualization, alarms, and reporting.
Anything running on a machine could've been hacked and used as a conduit for nefarious activity, no?
Yes
Log servers, like Splunk, rarely have any kind of credentials that would allow any escalation.
I have long believed that CISA is on the right side of History and the sudden "flip" by Krebs was all smoke and mirrors.
Splunk would be one of the ways we prove Election Fraud.
From below: "provides APIs, SDKs, and other interfaces that enable its ecosystem, including third-party developers, partners, and customers to build content that configures and extends Splunk solutions to accommodate specific use cases."
You may recall that one of the items the Maricopa BoE withheld from the Senate were the Splunk logs. Relevant? I don't know but it's interesting.
===
SPLUNK Company Profile:
Splunk Inc. provides software and cloud solutions that deliver and operationalize insights from the data generated by digital systems in the United States and internationally. The company offers Splunk Platform, a real-time data platform comprising collection, streaming, indexing, search, reporting, analysis, machine learning, alerting, monitoring, and data management capabilities. It also provides Splunk Solutions, such as Splunk Security solutions that enable cybersecurity teams streamline the security operations workflow, accelerate threat detection and response, enhance threat visibility, and scale resources to increase analyst productivity through machine learning and runbook-driven automation; Splunk IT Solutions that provide IT Operations teams visibility and control across cloud and on-premises environments; and Splunk Observability Solutions for building and maintaining infrastructure and applications. In addition, the company offers Ecosystem Solutions, which includes pre-built data inputs, workflows, searches, reports, alerts, custom dashboards, flexible UI components, custom data visualizations, and integration actions and methods, as well as Splunk On-Call, Splunk Infrastructure Monitoring, and Splunk Phantom solutions, which provides APIs, SDKs, and other interfaces that enable its ecosystem, including third-party developers, partners, and customers to build content that configures and extends Splunk solutions to accommodate specific use cases. Further, the company provides adoption and implementation services, education services, and maintenance and customer support services. It sells its offerings directly through field and inside sales, and indirectly through various routes to market with various partners. Splunk Inc. has a strategic partnership with Tenable Holdings, Inc. to secure active directory and converged operational technology environments. The company was incorporated in 2003 and is headquartered in San Francisco, California.
Interesting they took that page down (first link)
Exactly what was the software that CISA provided?
Usually large cash bribes given to corruptible engineer employees to add or remove lines of code in security routines to introduce weaknesses in internationally used firmware, similar to NSA bribes to engineers. A missing line of logic in code is devious and how SSL was weakened in Apple SSL once.
DOMINION!
Similar to Dominion voting machines exploitable weaknesses!
DOMINION 473,991 lines of source code of ICP2 firmware has WEAKNESSES
https://searchvoat.co/v/QRV/4117743
https://searchvoat.co/v/theawakening/4122777/26452660
https://searchvoat.co/v/news/4125573/26586156
snippets :
= = - -
summary of weaknesses placed into Dominion to leverage :
Source code defects found by hackers in "Dominion Democracy Suite Voting System" firmware source :
The system allows the user to select the size of RSA keys, including 1024 bit, laughable in 2020.
SHA-1 in RSA signature generation !!!! :
https://threatpost.com/exploit-fully-breaks-sha-1/151697/
SHA-1 is a Shambles:
(PDF) https://eprint.iacr.org/2020/014.pdf
Use of MD5 : MD5 is only good for corruption detection, NOT security! NSA banned it in 2001. FIPS 140-2 from 2001 says to use approved secure hashes. People have published "collisions" of any MD5, if bytestream can be stretched.
Weak crackable AES 128 bits used!!! Should be AES 256, but the code silently drops it to AES 128 in undocumented fashion.
Debugging harness code hidden in production firmware builds allows anyone with debugger harness access to RAM space. (proven). Debugger harness can be attached to innocent looking Android Cell Phone and an Arduino dongle, by a voter!
Hard coded encryption keys hidden in source code (yes really)
Sensitive keys are stored on disk unencrypted and an external device can trivially read these critical crypto keys.
Hard coded encryption keys hidden in source code of the master vote tabulator for the precincts (yes really)
Random number and entropy routine to make live challenge-response keys lacks enough entropy and thus makes VERY CRACKABLE transmission keys.
I don't think anyone knows. This would probably be a very high level operation at a Military level.
I love Splunk. Easy to use. Free and easy to crack.
Hmmm...