Splunk SOAR Login Panel - Detect

What is the "Splunk SOAR Login Panel - Detect?" module?

The "Splunk SOAR Login Panel - Detect" module is designed to detect the presence of the Splunk SOAR login panel. Splunk SOAR is a software platform that helps organizations automate and orchestrate their security operations. This module focuses on identifying the login panel of Splunk SOAR.

This module has an informative severity level, which means it provides valuable information but does not indicate a critical vulnerability or misconfiguration.

This module was authored by dhiyaneshDK.

Impact

The impact of detecting the Splunk SOAR login panel is primarily informational. It does not indicate any immediate security risks or vulnerabilities. Instead, it provides insights into the presence of the login panel, which can be useful for security assessments and audits.

How does the module work?

The module works by sending an HTTP GET request to the "/login?next=/" path of the target website. It then applies two matching conditions to determine if the Splunk SOAR login panel is present:

- The module checks if the response body contains the HTML title tag "<title>Splunk SOAR</title>". - The module verifies that the response status code is 200, indicating a successful request.

If both conditions are met, the module considers the Splunk SOAR login panel to be detected.

Example HTTP request:

GET /login?next=/ HTTP/1.1
Host: example.com

The module's matching conditions:

- Condition 1: The response body must contain the HTML title tag "<title>Splunk SOAR</title>". - Condition 2: The response status code must be 200.

By analyzing the response of the HTTP request, the module determines if the Splunk SOAR login panel is present on the target website.