- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- DB Connect encryption
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does the splunk DB connect app encrypt communication between splunk and the Database(s) it's connected to?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately there is no definitive answer for this question. DB Connect uses JDBC drivers to connect to databases. Some of those JDBC drivers do support encryption, some don't. Some of them encrypt the connection by default, others don't.
Here's a quick list from the top of my head:
- Microsoft SQL Server: SSL encryption is requested by default by the JDBC driver - so it depends on the server settings whether the connection is actually encrypted. It can be enforced to encrypt the connection, though.
- Oracle: The JDBC driver supports multiple connection encryption levels (REJECTED, ACCEPTED, REQUESTED, REQUIRED). Encrypted connection are accepted by default (if enabled on the database server side)
- MySQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)
- PostgreSQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)
To summarize: In most cases encryption can be enabled but mostly requires some configuration on both sides (server and client).
If you have questions on how to enable encryption on the Splunk side for specific database types, make sure to ask them here on Answers.
Here's an answer that deals with PostgreSQL and SSL: http://splunk-base.splunk.com/answers/68899/dbx-connection-to-postgressql-error-ssl-off
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately there is no definitive answer for this question. DB Connect uses JDBC drivers to connect to databases. Some of those JDBC drivers do support encryption, some don't. Some of them encrypt the connection by default, others don't.
Here's a quick list from the top of my head:
- Microsoft SQL Server: SSL encryption is requested by default by the JDBC driver - so it depends on the server settings whether the connection is actually encrypted. It can be enforced to encrypt the connection, though.
- Oracle: The JDBC driver supports multiple connection encryption levels (REJECTED, ACCEPTED, REQUESTED, REQUIRED). Encrypted connection are accepted by default (if enabled on the database server side)
- MySQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)
- PostgreSQL: No encryption by default - has to be enabled manually (both on the server and on the Splunk side)
To summarize: In most cases encryption can be enabled but mostly requires some configuration on both sides (server and client).
If you have questions on how to enable encryption on the Splunk side for specific database types, make sure to ask them here on Answers.
Here's an answer that deals with PostgreSQL and SSL: http://splunk-base.splunk.com/answers/68899/dbx-connection-to-postgressql-error-ssl-off
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The connection is via JDBC; so I would assume it depends on the channel between the JDBC driver and the database itself.
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
