All Apps and Add-ons

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users

pahujadeep
Explorer

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users. Also, if it is possible to prevent this data visibility from other Splunk users?

 

Labels (1)
0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

View solution in original post

pahujadeep
Explorer

many thanks, other than Splunk's out of the box functionality to restrict user roles etc any app suggestions which can help here?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @pahujadeep,

the only way is to build dashboards with restricted access to data, in other words disable the Open_in_search button.

In this way users can see only the data you display in dashboards.

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

View solution in original post

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.