Updated revision of the 2019 BSides talk, including changes in 8.x and 9.x.

Splunk is designed under the idea that all the data should be usable by everyone, and many of its default security settings reflect this principle. This session will review the ways to ensure that you can have different groups of users sharing a single stack without risking data leakage. While there is always some risk, there are many knobs, dials and settings that can be changed to ensure that users only access their own data, as well as design principles to follow when building the system so that users have limited access while Splunk remains appropriately usable.
Slides: https://github.com/bsidessplunk/2022/tree/main/Multi-Tenant%20Splunk%20Pitfalls