Re: how to input encrypted files like PGP encrypte...

VSIRIS · ‎06-29-2020

Hello Everyone,

Does anyone know if there is any method in Splunk to index encrypted input files like PGP encrypted files.

ashish9433 · ‎06-29-2020

Hey,

There is no direct way of onboarding encrypted data to Splunk. In case there is a requirement to do so, you can go ahead and write a script (python/shell) that access the API of encrypted source, parse it and send it to Splunk.

There is a python library to address this

https://pypi.org/project/py-pgp/

The below code should be a starter for you

import pgpy

emsg = pgpy.PGPMessage.from_file(<path to the file from the client that was encrypted using your public key>)
key,_  = pgpy.PGPKey.from_file(<path to your private key>)
with key.unlock(<your private key passpharase>):
    print (key.decrypt(emsg).message)

how to input encrypted files like PGP encrypted files

index

monitor

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Are you a member of the Splunk Community?