All Apps and Add-ons

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users

pahujadeep
Explorer

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users. Also, if it is possible to prevent this data visibility from other Splunk users?

 

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

View solution in original post

pahujadeep
Explorer

many thanks, other than Splunk's out of the box functionality to restrict user roles etc any app suggestions which can help here?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @pahujadeep,

the only way is to build dashboards with restricted access to data, in other words disable the Open_in_search button.

In this way users can see only the data you display in dashboards.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...