Security

Security reference how to secure data inbound to splunk from a monitored device

Erbrown
Observer

Hi Folks,

 

I'm looking for a document that will help me understand my options for ensuring the integrity of data inbound to splunk from monitored devices, and any security options I may have there.  I know TLS is an option for inter-splunk traffic.  Unfortunately, I'm not having any luck with finding options to ensure the integrity and security of data when it's first received into splunk.

Surely there's a way for me to secure that, what am I missing here?

 

Labels (2)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @Erbrown,

which kind of ingestions are you speaking about: forwarders, syslog, HEC?

if Forwarders, you can excrypt data between Forwarders and Indexers and there are checking technics inside Splunk.

If you're speaking of syslog: I hint to use an rsyslog server and read files using a Universal Forwarders; I'm not sure that's possible to encrypt syslogs; in addition, you could use two UFs and a Load Balancer to avoid Single Point of Failures,

If you're speaking of HEC, you can use https and the token is a securization of your ingestion; as syslogs, you should use two Forwarders and a Load Balancer.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...