Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set Splunk as CSP Policy report collector?

cbarthel
Engager
‎10-21-2020 08:25 AM

I am trying to set up Content-Security-Policy, and I need a way to collect violation reports. I was hoping to use Splunk HEC to do this, but so far I am not getting anything in.  If I CURL the collector URL, I can see the result in Splunk. But nothing from Browsers.

Sourcetype is set as json-no-tiimestamp, and I am not sending a response back.  I could not find  as single example of doing this, so if this is not correct please let me know.

Are there any considerations I have not thought of here?  I am not restricting access by IP for the external NAT that leads to the HEC for this instance.  I do not, however, have a proper SSL cert.  Will browsers like Chrome refuse to POST if the HEC only has a self-signed?

Labels (1)
Labels
Tags (2)
Reply

fredclown
Builder
‎10-27-2022 01:18 PM

Splunk requires a token, so this could not be done out of the box. What you could do would be to create a webservice that would take the CSP report and then proxy that to Splunk using HEC with the token. So, the webservice would know what the token is an would be the middle man between Splunk the CSP report.

0 Karma
Reply

vince2010091
Path Finder
‎07-29-2022 07:06 AM

That would-be great, but token might be not compatible with report-uri

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

It's 3:17 AM, and your phone buzzes with an urgent alert. Wire transfer processing times have spiked, and ...