https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515271#M11724 <P>What exactly do you wish to encrypt?</P><P>Eight years is a very long time in the Splunk world so you're right to question the validity of information that old.</P><P>The document you cited is also very old, but, fortunately, there's a newer version available at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol</A>&nbsp;.</P><P>$SPLUNK_HOME/etc/system/local is fairly empty by default.&nbsp; That's because this directory is intended to hold changes made to the local system (get it?) configuration.&nbsp; The only thing you need to add to a local file is the attribute and value you are changing as well as name of the stanza the contains the attribute.&nbsp; For example, to enable SHA256 encryption for outputbound SAML messages, the local/system file might look like this.</P><LI-CODE lang="markup">[SAML] signatureAlgorithm = RSA-SHA256</LI-CODE> Thu, 20 Aug 2020 17:55:00 GMT richgalloway 2020-08-20T17:55:00Z https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515257#M11723 <P>Hello again, hope not to disturb</P><P>I need to activate SHA256 encryption</P><P>What I have investigated is a function that does not come active by default in splunk</P><P>This <A href="https://community.splunk.com/t5/Archive/Does-Splunk-Support-ShA-256-or-SHA-1/td-p/87404?sort=newest" target="_self">link</A> gives information but I have a couple of doubts, the first is if the information is still valid since it is 8 years ago and second the audit.conf file does not exist in the path <STRONG>/ splunk / etc / system / local</STRONG> so I understand that I must create it, it is not clear to me what information should go on the white list or on the black list, extension of the logs? the name of any indexer? should it be done in the indexers or in the search head?</P><P>I see <A href="https://docs.splunk.com/Documentation/Splunk/6.3.0/Security/Dataintegritycontrol" target="_self">another article</A> on the integrity of the information, does the same? or which option is better?</P><P>Note: whenever possible, I would appreciate it if you specify the paths when mentioning a file since either I am very stupid or all forum users know by heart the paths where each of the files are located</P><P>&nbsp;</P> Thu, 20 Aug 2020 16:09:04 GMT https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515257#M11723 splunkcol 2020-08-20T16:09:04Z https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515271#M11724 <P>What exactly do you wish to encrypt?</P><P>Eight years is a very long time in the Splunk world so you're right to question the validity of information that old.</P><P>The document you cited is also very old, but, fortunately, there's a newer version available at&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol</A>&nbsp;.</P><P>$SPLUNK_HOME/etc/system/local is fairly empty by default.&nbsp; That's because this directory is intended to hold changes made to the local system (get it?) configuration.&nbsp; The only thing you need to add to a local file is the attribute and value you are changing as well as name of the stanza the contains the attribute.&nbsp; For example, to enable SHA256 encryption for outputbound SAML messages, the local/system file might look like this.</P><LI-CODE lang="markup">[SAML] signatureAlgorithm = RSA-SHA256</LI-CODE> Thu, 20 Aug 2020 17:55:00 GMT https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515271#M11724 richgalloway 2020-08-20T17:55:00Z https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515311#M11725 <P><SPAN>I really appreciate your answer</SPAN></P><P>to encrypt the information that is stored in the indexers, or when the data is stored in the different types of buckets</P><P><SPAN>my client wants me to reassure him that the information stored is not readable</SPAN></P> Thu, 20 Aug 2020 20:57:42 GMT https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515311#M11725 splunkcol 2020-08-20T20:57:42Z https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515438#M11726 Splunk does not support encryption of buckets or indexes. Fri, 21 Aug 2020 12:45:51 GMT https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515438#M11726 richgalloway 2020-08-21T12:45:51Z https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515841#M11741 <P>Tnx</P><P><SPAN class="mw-headline">Configure data integrity control</SPAN></P><P>To configure Data Integrity Control, edit<SPAN>&nbsp;</SPAN>indexes.conf<SPAN>&nbsp;</SPAN>to enable the<SPAN>&nbsp;</SPAN>enableDataIntegrityControl<SPAN>&nbsp;</SPAN>attribute for each index. The default value for all indexes is<SPAN>&nbsp;</SPAN>false<SPAN>&nbsp;</SPAN>(off).</P><PRE>enableDataIntegrityControl=true</PRE><P>&nbsp;</P> Mon, 24 Aug 2020 16:50:20 GMT https://community.splunk.com/t5/Security/Enable-SHA256/m-p/515841#M11741 splunkcol 2020-08-24T16:50:20Z