Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set Splunk as CSP Policy report collector?

cbarthel
Engager
‎10-21-2020 08:25 AM

I am trying to set up Content-Security-Policy, and I need a way to collect violation reports. I was hoping to use Splunk HEC to do this, but so far I am not getting anything in.  If I CURL the collector URL, I can see the result in Splunk. But nothing from Browsers.

Sourcetype is set as json-no-tiimestamp, and I am not sending a response back.  I could not find  as single example of doing this, so if this is not correct please let me know.

Are there any considerations I have not thought of here?  I am not restricting access by IP for the external NAT that leads to the HEC for this instance.  I do not, however, have a proper SSL cert.  Will browsers like Chrome refuse to POST if the HEC only has a self-signed?

Labels (1)
Labels
Tags (2)
Reply

fredclown
Builder
‎10-27-2022 01:18 PM

Splunk requires a token, so this could not be done out of the box. What you could do would be to create a webservice that would take the CSP report and then proxy that to Splunk using HEC with the token. So, the webservice would know what the token is an would be the middle man between Splunk the CSP report.

0 Karma
Reply

vince2010091
Path Finder
‎07-29-2022 07:06 AM

That would-be great, but token might be not compatible with report-uri

0 Karma
Reply
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...