Alerting

Security around AlertEmails from SplunkCloud

JScordo
Path Finder

My security team has questions surrounding the security of the email alerts sent by SplunkCloud. If these alerts we have set up include sensitive data/information and are getting sent from SplunkCloud to our in-house distro groups is there a way to encrypt them? Does SplunkCloud encrypt them by default or pass them through a secure channel?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

Splunk Cloud does not presently support encrypted or signed emails. If this is a requirement, please contact your SE and ask him/her to file a feature request.

If it must be secure, for now I'd recommend making API calls over the REST-API (https) to pull alerts from the management port.

Keep in mind you need to file a ticket asking for the API to be opened up (port is blocked by default).

You can specify a list of IP's for them to whitelist if you'd like (its an option).

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...