Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set Splunk as CSP Policy report collector?

cbarthel
Engager
‎10-21-2020 08:25 AM

I am trying to set up Content-Security-Policy, and I need a way to collect violation reports. I was hoping to use Splunk HEC to do this, but so far I am not getting anything in.  If I CURL the collector URL, I can see the result in Splunk. But nothing from Browsers.

Sourcetype is set as json-no-tiimestamp, and I am not sending a response back.  I could not find  as single example of doing this, so if this is not correct please let me know.

Are there any considerations I have not thought of here?  I am not restricting access by IP for the external NAT that leads to the HEC for this instance.  I do not, however, have a proper SSL cert.  Will browsers like Chrome refuse to POST if the HEC only has a self-signed?

Labels (1)
Labels
Tags (2)
Reply

fredclown
Builder
‎10-27-2022 01:18 PM

Splunk requires a token, so this could not be done out of the box. What you could do would be to create a webservice that would take the CSP report and then proxy that to Splunk using HEC with the token. So, the webservice would know what the token is an would be the middle man between Splunk the CSP report.

0 Karma
Reply

vince2010091
Path Finder
‎07-29-2022 07:06 AM

That would-be great, but token might be not compatible with report-uri

0 Karma
Reply
Get Updates on the Splunk Community!

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

[Puzzles] Solve, Learn, Repeat: Nested loops in Event Conversion

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Your Guide to Splunk Digital Experience Monitoring

A flawless digital experience isn't just an advantage, it's key to customer loyalty and business success. But ...