Security

Security reference how to secure data inbound to splunk from a monitored device

Erbrown
Observer

Hi Folks,

 

I'm looking for a document that will help me understand my options for ensuring the integrity of data inbound to Splunk from monitored devices, and any security options I may have there. I know TLS is an option for inter-Splunk traffic. Unfortunately, I'm not having any luck with finding options to ensure the integrity and security of data when it's first received into Splunk.

Surely there's a way for me to secure that, what am I missing here?

 

0 Karma

gcusello
SplunkTrust

Hi @Erbrown,

Which kind of ingestion are you speaking about: forwarders, syslog, HEC?

If Forwarders, you can encrypt data between Forwarders and Indexers, and there are checking techniques inside Splunk.

If you're speaking of syslog: I suggest using an rsyslog server and reading the files using a Universal Forwarder; I'm not sure that it's possible to encrypt syslog; in addition, you could use two UFs and a Load Balancer to avoid a Single Point of Failure.

If you're speaking of HEC, you can use https, and the token is a way of securing your ingestion; as with syslog, you should use two Forwarders and a Load Balancer.

Ciao.

Giuseppe

0 Karma
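An added example, not part of the reply above and not Splunk's own code: a minimal HEC sender that refuses cleartext URLs and verifies the server certificate, so the token and events are only sent over an authenticated HTTPS channel. The host name, token and event are constructed placeholders; the endpoint path and `Authorization: Splunk <token>` header are the standard HEC ones.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

HEC_PATH = "/services/collector/event"  # standard HEC JSON event endpoint


def make_tls_context(ca_file=None):
    """TLS context that verifies the HEC server certificate and hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # create_default_context already enables both checks; fail loudly if a
    # later edit turns verification off.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS verification must stay enabled")
    return ctx


def build_hec_request(base_url, token, events, sourcetype="_json"):
    """Build (not send) a batched HEC POST; refuses cleartext http://."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ValueError("HEC token would cross the network in cleartext")
    # HEC accepts several JSON event objects concatenated in one body.
    body = "".join(json.dumps({"event": e, "sourcetype": sourcetype})
                   for e in events)
    return urllib.request.Request(
        f"https://{parts.netloc}{HEC_PATH}",
        data=body.encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
    )


def send(base_url, token, events, ca_file=None, timeout=10):
    """Send events; a certificate or hostname mismatch makes the call fail."""
    req = build_hec_request(base_url, token, events)
    ctx = make_tls_context(ca_file)
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Constructed placeholders, not real values.
    r = build_hec_request("https://hec.example.internal:8088",
                          "00000000-0000-0000-0000-000000000000",
                          [{"msg": "login ok", "user": "alice"}])
    print(r.full_url, len(r.data), "bytes")
```

Pass `ca_file` when the HEC endpoint uses a certificate issued by an internal CA rather than one in the system trust store.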