Security

Splunk cloud rest API call related security questions

santosh121
Explorer

Dear All,

We are trying to build splunk cloud rest api call where we will be sending data from splunk cloud to another server via rest api call.

Since it is production data below are few points raised by security team and asked us to get that verified whether splunk supports these security noums or not.

 

1. All the APIs must be served securely over HTTPS using TLS v1.2 with oauth 2.0 implementation.

2. Any HTTP API requests must be rejected or redirected to HTTPS.

3. The API token must be validated for signing, tampering and expiry before any details are extracted from the token.

4. The API token expiry must be limited to 15 mins only.

5. The IP whitelisting must be performed for all INTERNET facing API endpoints to reject any unauthorized requests.

6. The API credentials must be set to expire and rotated at least annually.

7. The API credentials must be stored encrypted in Key vault and access must be granted to application or user following principle of least privilege.

8. The API credentials must not be hardcoded within the application source code, client-side scripts, or configuration files.

9. The tokens or credentials must not be passed in the URL parameters.

10. The API tokens must be scoped following the principle of least privilege and validated at method level.

11. Enumerable ID values must not be used in API methods.

12. Proper error or exception handling must be performed to return only generic error messages.

13. API rate limiting must be performed.

14. Proper input and content validation must be performed at the APIs including length, datatype etc.

15. In case of file uploads, file type, content type validation and scanning must be performed.

16. Un wanted HTTP methods must be disabled.

17. Log failed attempts, denied access, input validation failures, any failures in security policy checks must be logged.

18. No sensitive data must be captured in the logs.

19. The API logs must be ingested automatically into Genpact SIEM using standard integration mechanism for monitoring.

20. APIs must implement strict authentication, security headers, redirects, CORS etc.

21. All the API endpoints internally or externally exposed must undergo InfoSec design review and security testing before moving to production.

can someone provide any details on them.

 

Regards,

Santosh

Labels (1)
0 Karma

venkatasri
Influencer

Hi @santosh121 

It's quite extensive list, some of them being directly supported and others need to be supported through other products example Load balancer front of Splunk API's. I would  recommend to connect with Splunk support for the correct guidance.

---

An upvote would be appreciated if it helps!

Tags (1)
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.