I am trying to set up Content-Security-Policy, and I need a way to collect violation reports. I was hoping to use Splunk HEC to do this, but so far I am not getting anything in. If I curl the collector URL, I can see the result in Splunk, but nothing comes in from browsers.
Sourcetype is set as json-no-timestamp, and I am not sending a response back. I could not find a single example of doing this, so if this is not correct please let me know.
Are there any considerations I have not thought of here? I am not restricting access by IP for the external NAT that leads to the HEC for this instance. I do not, however, have a proper SSL cert. Will browsers like Chrome refuse to POST if the HEC only has a self-signed?