Security

Enable SHA256

splunkcol
Builder

Hello again, hope not to disturb

I need to activate SHA256 encryption

From what I have investigated, it is a function that is not active by default in Splunk.

This link gives information, but I have a couple of doubts. The first is whether the information is still valid, since it is from 8 years ago. The second is that the audit.conf file does not exist in the path /splunk/etc/system/local, so I understand that I must create it. It is not clear to me what information should go on the white list or on the black list: the extension of the logs? The name of an indexer? Should it be done on the indexers or on the search head?

I see another article on the integrity of the information. Does it do the same thing? Or which option is better?

Note: whenever possible, I would appreciate it if you specify the paths when mentioning a file, since either I am very stupid or all forum users know by heart the paths where each of the files is located.

 

0 Karma

richgalloway
SplunkTrust

What exactly do you wish to encrypt?

Eight years is a very long time in the Splunk world so you're right to question the validity of information that old.

The document you cited is also very old, but, fortunately, there's a newer version available at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol .

$SPLUNK_HOME/etc/system/local is fairly empty by default. That's because this directory is intended to hold changes made to the local system (get it?) configuration. The only thing you need to add to a local file is the attribute and value you are changing, as well as the name of the stanza that contains the attribute. For example, to enable SHA256 encryption for outbound SAML messages, the local/system file might look like this.

[SAML]
signatureAlgorithm = RSA-SHA256
---
If this reply helps you, Karma would be appreciated.
0 Karma

splunkcol
Builder

I really appreciate your answer.

To encrypt the information that is stored in the indexers, or when the data is stored in the different types of buckets.

My client wants me to reassure him that the information stored is not readable.

0 Karma

richgalloway
SplunkTrust
Splunk does not support encryption of buckets or indexes.
---
If this reply helps you, Karma would be appreciated.
0 Karma

splunkcol
Builder

Tnx

Configure data integrity control

To configure Data Integrity Control, edit indexes.conf to enable the enableDataIntegrityControl attribute for each index. The default value for all indexes is false (off).

enableDataIntegrityControl=true

 

0 Karma
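
Added example, not part of the original thread and not Splunk code: a small Python check that reads the text of an indexes.conf and lists the indexes where enableDataIntegrityControl is not in effect, falling back to the false default quoted above. The function names and the sample file are hypothetical; the parser assumes a single file (no merging of default and local layers), treats stanzas containing ":" as non-index stanzas, and counts only true or 1 as enabled.

```python
SAMPLE_CONF = """\
# constructed sample, not from a real deployment
[default]
enableDataIntegrityControl = false
[main]
homePath = $SPLUNK_DB/defaultdb/db
[web_logs]
enableDataIntegrityControl = true
[volume:hot]
"""

ATTR = "enableDataIntegrityControl"
TRUTHY = {"true", "1"}  # assumption: any other spelling is reported as off


def parse_conf(text):
    """Return {stanza: {key: value}} for simple 'key = value' conf text."""
    stanzas, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def integrity_status(text):
    """Map each index stanza to True/False for the effective setting."""
    stanzas = parse_conf(text)
    # The page states the default for all indexes is false (off).
    fallback = stanzas["default"].get(ATTR, "false")
    return {
        name: settings.get(ATTR, fallback).lower() in TRUTHY
        for name, settings in stanzas.items()
        if name != "default" and ":" not in name  # assumption: not an index
    }


def unprotected(text):
    # Indexes whose buckets would not get integrity hashes.
    return sorted(n for n, on in integrity_status(text).items() if not on)


if __name__ == "__main__":
    print("Indexes without data integrity control:", unprotected(SAMPLE_CONF))
```

An index that appears in the output stores its data without integrity hashes; in either case the setting provides tamper detection only and does not make stored data unreadable.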