Security around AlertEmails from SplunkCloud

JScordo · ‎01-15-2016

My security team has questions surrounding the security of the email alerts sent by SplunkCloud. If these alerts we have set up include sensitive data/information and are getting sent from SplunkCloud to our in-house distro groups is there a way to encrypt them? Does SplunkCloud encrypt them by default or pass them through a secure channel?

khourihan_splun · ‎01-16-2016

Splunk Cloud does not presently support encrypted or signed emails. If this is a requirement, please contact your SE and ask him/her to file a feature request.

If it must be secure, for now I'd recommend making API calls over the REST-API (https) to pull alerts from the management port.

Keep in mind you need to file a ticket asking for the API to be opened up (port is blocked by default).

You can specify a list of IP's for them to whitelist if you'd like (its an option).

Security around AlertEmails from SplunkCloud

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Security around AlertEmails from SplunkCloud

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future