My security team has questions surrounding the security of the email alerts sent by SplunkCloud. If these alerts we have set up include sensitive data/information and are getting sent from SplunkCloud to our in-house distro groups, is there a way to encrypt them? Does SplunkCloud encrypt them by default or pass them through a secure channel?
Splunk Cloud does not presently support encrypted or signed emails. If this is a requirement, please contact your SE and ask him/her to file a feature request.
If it must be secure, for now I'd recommend making API calls over the REST-API (https) to pull alerts from the management port.
Keep in mind you need to file a ticket asking for the API to be opened up (port is blocked by default).
You can specify a list of IPs for them to whitelist if you'd like (it's an option).
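A sketch of the pull-over-HTTPS approach suggested above, added here as an illustration and not part of the original answers. It assumes token authentication, the default management port 8089, and the `alerts/fired_alerts` REST endpoint; the host name, token and sample response are constructed placeholders.

```python
import json
import ssl
import urllib.request

def tls_context():
    """Verify the server certificate and hostname; refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_request(host, token, port=8089):
    """Build the GET for the fired-alerts listing (8089 is the default management port)."""
    url = f"https://{host}:{port}/services/alerts/fired_alerts?output_mode=json"
    # Assumption: a Splunk authentication token sent as a Bearer credential.
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def parse_fired_alerts(body):
    """Return {alert name: triggered count} from a JSON listing."""
    counts = {}
    for entry in json.loads(body).get("entry", []):
        name = entry.get("name")
        if name in (None, "-"):  # "-" is assumed here to be the all-alerts aggregate
            continue
        content = entry.get("content", {})
        counts[name] = int(content.get("triggered_alert_count", 0))
    return counts

def fetch_fired_alerts(host, token, port=8089):
    """Pull the listing over a verified TLS channel instead of relying on email."""
    req = build_request(host, token, port)
    with urllib.request.urlopen(req, context=tls_context(), timeout=30) as resp:
        return parse_fired_alerts(resp.read())

# Constructed sample response so the parser can be exercised offline.
SAMPLE_RESPONSE = json.dumps({"entry": [
    {"name": "-", "content": {"triggered_alert_count": 5}},
    {"name": "Failed logins spike", "content": {"triggered_alert_count": 3}},
    {"name": "New admin account", "content": {"triggered_alert_count": 2}},
]})

if __name__ == "__main__":
    print(parse_fired_alerts(SAMPLE_RESPONSE))
    # Live use (placeholder host and token):
    # print(fetch_fired_alerts("example.splunkcloud.com", "<token>"))
```

Keeping certificate verification on is what makes this channel trustworthy; disabling it to get past a certificate error removes the protection the email path lacks.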