Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set Splunk as CSP Policy report collector?

cbarthel
Engager
‎10-21-2020 08:25 AM

I am trying to set up Content-Security-Policy, and I need a way to collect violation reports. I was hoping to use Splunk HEC to do this, but so far I am not getting anything in.  If I CURL the collector URL, I can see the result in Splunk. But nothing from Browsers.

Sourcetype is set as json-no-tiimestamp, and I am not sending a response back.  I could not find  as single example of doing this, so if this is not correct please let me know.

Are there any considerations I have not thought of here?  I am not restricting access by IP for the external NAT that leads to the HEC for this instance.  I do not, however, have a proper SSL cert.  Will browsers like Chrome refuse to POST if the HEC only has a self-signed?

Labels (1)
Labels
Tags (2)
Reply

fredclown
Builder
‎10-27-2022 01:18 PM

Splunk requires a token, so this could not be done out of the box. What you could do would be to create a webservice that would take the CSP report and then proxy that to Splunk using HEC with the token. So, the webservice would know what the token is an would be the middle man between Splunk the CSP report.

0 Karma
Reply

vince2010091
Path Finder
‎07-29-2022 07:06 AM

That would-be great, but token might be not compatible with report-uri

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...