Security

Enable SHA256

splunkcol
Builder

Hello again, I hope not to disturb.

I need to activate SHA256 encryption.

From what I have investigated, it is a function that is not active by default in Splunk.

This link gives information, but I have a couple of doubts. The first is whether the information is still valid, since it is from 8 years ago, and the second is that the audit.conf file does not exist in the path /splunk/etc/system/local, so I understand that I must create it. It is not clear to me what information should go on the white list or on the black list: the extension of the logs? The name of any indexer? Should it be done on the indexers or on the search head?

I see another article on the integrity of the information. Does it do the same? Or which option is better?

Note: whenever possible, I would appreciate it if you specify the paths when mentioning a file, since either I am very stupid or all forum users know by heart the paths where each of the files is located.

 

0 Karma

richgalloway
SplunkTrust

What exactly do you wish to encrypt?

Eight years is a very long time in the Splunk world so you're right to question the validity of information that old.

The document you cited is also very old, but, fortunately, there's a newer version available at https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Dataintegritycontrol .

$SPLUNK_HOME/etc/system/local is fairly empty by default. That's because this directory is intended to hold changes made to the local system (get it?) configuration. The only thing you need to add to a local file is the attribute and value you are changing as well as the name of the stanza that contains the attribute. For example, to enable SHA256 encryption for outbound SAML messages, the local/system file might look like this.

[SAML]
signatureAlgorithm = RSA-SHA256
---
If this reply helps you, Karma would be appreciated.
0 Karma

splunkcol
Builder

I really appreciate your answer.

To encrypt the information that is stored in the indexers, or when the data is stored in the different types of buckets.

My client wants me to reassure him that the information stored is not readable.

0 Karma

richgalloway
SplunkTrust
Splunk does not support encryption of buckets or indexes.
---
If this reply helps you, Karma would be appreciated.
0 Karma

splunkcol
Builder

Tnx

Configure data integrity control

To configure Data Integrity Control, edit indexes.conf to enable the enableDataIntegrityControl attribute for each index. The default value for all indexes is false (off).

enableDataIntegrityControl=true

 

0 Karma
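
Added example, not from the original thread or from Splunk: a simplified Python model of what SHA-256 integrity hashing provides, showing that the stored data stays readable while any modification is detected. The slice size, sample events and function names are assumptions for illustration and do not reflect Splunk's on-disk format.

```python
import hashlib

SLICE_SIZE = 16  # assumption: tiny slices keep the demo readable


def slice_hashes(data: bytes, size: int = SLICE_SIZE) -> list[str]:
    """SHA-256 digest of each fixed-size slice of the stored data."""
    return [hashlib.sha256(data[i:i + size]).hexdigest()
            for i in range(0, len(data), size)]


def rollup_hash(hashes: list[str]) -> str:
    """One digest over the slice digests, so the hash list is tamper-evident too."""
    return hashlib.sha256("\n".join(hashes).encode()).hexdigest()


def check_integrity(data: bytes, stored: list[str], stored_rollup: str) -> list[int]:
    """Return indexes of slices that no longer match; [-1] if the hash list was altered."""
    if rollup_hash(stored) != stored_rollup:
        return [-1]
    current = slice_hashes(data)
    n = max(len(current), len(stored))
    return [i for i in range(n)
            if i >= len(current) or i >= len(stored) or current[i] != stored[i]]


# Constructed sample events standing in for data written to a bucket.
EVENTS = b"user=alice action=login\nuser=bob action=delete\n"
HASHES = slice_hashes(EVENTS)
ROLLUP = rollup_hash(HASHES)


def demo() -> dict:
    tampered = EVENTS.replace(b"bob", b"eve")  # same length, different content
    return {
        # Hashing does not transform the data: it is still clear text on disk.
        "readable_on_disk": b"user=alice" in EVENTS,
        "clean": check_integrity(EVENTS, HASHES, ROLLUP),
        "tampered": check_integrity(tampered, HASHES, ROLLUP),
    }


if __name__ == "__main__":
    print(demo())
```
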