Hi Folks,
I'm looking for a document that will help me understand my options for ensuring the integrity of data inbound to Splunk from monitored devices, and any security options I may have there. I know TLS is an option for inter-Splunk traffic. Unfortunately, I'm not having any luck finding options to ensure the integrity and security of data when it's first received into Splunk.
Surely there's a way for me to secure that, what am I missing here?
Hi @Erbrown,
Which kind of ingestion are you speaking about: forwarders, syslog, HEC?
If Forwarders, you can encrypt data between Forwarders and Indexers, and there are checking techniques inside Splunk.
If you're speaking of syslog: I suggest using an rsyslog server and reading the files with a Universal Forwarder; I'm not sure that it's possible to encrypt syslog; in addition, you could use two UFs and a Load Balancer to avoid a single point of failure.
If you're speaking of HEC, you can use https, and the token is a security measure for your ingestion; as with syslog, you should use two Forwarders and a Load Balancer.
Ciao.
Giuseppe
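The answer above names the controls for the first two ingestion paths (TLS between forwarder and indexer, HTTPS plus a token for HEC) without showing where they live. The script below is an added example, not code from the thread or from Splunk: it audits constructed `outputs.conf` and `inputs.conf` snippets for the weak settings a defender would want to catch (a forwarder that encrypts but does not verify the indexer certificate, a plaintext `splunktcp` receiving port, HEC served without TLS). The setting names (`useSSL`, `clientCert`, `sslVerifyServerCert`, `sslCommonNameToCheck`, `splunktcp-ssl`, `requireClientCert`, `enableSSL`) are Splunk's own; the hostnames, paths and token are made-up sample values, and the hardened stanza is shown beside the weak one.

```python
"""Audit Splunk forwarder/indexer .conf text for weak ingestion-security settings.

Added example for the Splunk Community thread above; the config snippets are
constructed samples, not taken from a real deployment.
"""
import configparser

# Constructed sample: a forwarder outputs.conf that encrypts to the indexers
# but does not verify their certificate, so any TLS endpoint would be accepted.
SAMPLE_OUTPUTS_WEAK = """
[tcpout]
defaultGroup = indexers

[tcpout:indexers]
server = idx1.example.internal:9997, idx2.example.internal:9997
useSSL = true
clientCert = $SPLUNK_HOME/etc/auth/fwd.pem
sslVerifyServerCert = false
"""

# Constructed sample: the same group with certificate verification and name pinning.
SAMPLE_OUTPUTS_HARDENED = """
[tcpout:indexers]
server = idx1.example.internal:9997, idx2.example.internal:9997
useSSL = true
clientCert = $SPLUNK_HOME/etc/auth/fwd.pem
sslVerifyServerCert = true
sslCommonNameToCheck = idx.example.internal
"""

# Constructed sample: an indexer inputs.conf with one plaintext S2S port, one
# TLS port that requires a client certificate, and an HTTPS HEC endpoint.
SAMPLE_INPUTS = """
[splunktcp://9997]
disabled = 0

[splunktcp-ssl:9998]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/idx.pem
requireClientCert = true

[http]
disabled = 0
enableSSL = 1

[http://app-events]
token = PLACEHOLDER-TOKEN-NOT-A-REAL-VALUE
disabled = 0
"""


def parse_conf(text):
    """Splunk .conf files are INI-style; keep key case, disable % interpolation."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def is_true(value):
    return str(value).strip().lower() in ("1", "true", "yes", "on")


def audit_outputs(text):
    """Findings for each [tcpout:<group>] stanza of a forwarder's outputs.conf."""
    findings = []
    cp = parse_conf(text)
    for section in cp.sections():
        if not section.startswith("tcpout:"):
            continue
        s = cp[section]
        # Assumption: with the default useSSL = legacy, TLS is used only when clientCert is set.
        use_ssl = s.get("useSSL", "legacy").strip().lower()
        encrypted = use_ssl == "true" or (use_ssl == "legacy" and "clientCert" in s)
        if not encrypted:
            findings.append(f"{section}: forwarder-to-indexer traffic is not encrypted")
        if not is_true(s.get("sslVerifyServerCert", "false")):
            findings.append(f"{section}: sslVerifyServerCert is not true; any indexer certificate is accepted")
        if "sslCommonNameToCheck" not in s and "sslAltNameToCheck" not in s:
            findings.append(f"{section}: no sslCommonNameToCheck/sslAltNameToCheck; indexer identity is not pinned")
    return findings


def audit_inputs(text):
    """Findings for receiving ports and HEC in an indexer's inputs.conf."""
    findings = []
    cp = parse_conf(text)
    ssl = cp["SSL"] if cp.has_section("SSL") else {}
    for section in cp.sections():
        s = cp[section]
        if section.startswith("splunktcp://") and not is_true(s.get("disabled", "0")):
            findings.append(f"[{section}]: plaintext S2S receiving port; prefer a [splunktcp-ssl:<port>] stanza")
        if section.startswith("splunktcp-ssl:"):
            if "serverCert" not in ssl:
                findings.append(f"[{section}]: no serverCert in [SSL]; the port cannot present a certificate")
            if not is_true(ssl.get("requireClientCert", "false")):
                findings.append(f"[{section}]: requireClientCert is not true; any host can send to this port")
        if section == "http" and not is_true(s.get("disabled", "1")) and not is_true(s.get("enableSSL", "1")):
            findings.append("[http]: HEC served over plain HTTP; tokens cross the network in the clear")
    return findings


if __name__ == "__main__":
    for label, result in (("weak outputs.conf", audit_outputs(SAMPLE_OUTPUTS_WEAK)),
                          ("hardened outputs.conf", audit_outputs(SAMPLE_OUTPUTS_HARDENED)),
                          ("inputs.conf", audit_inputs(SAMPLE_INPUTS))):
        print(f"{label}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Run it against the real files under `$SPLUNK_HOME/etc/system/local` or an app's `local/` directory by reading them into `audit_outputs` / `audit_inputs`; the checks are deliberately conservative and report a missing setting as a finding rather than assuming a safe default.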