All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users

pahujadeep
Explorer
‎05-04-2021 02:46 AM

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users. Also, if it is possible to prevent this data visibility from other Splunk users?

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 03:01 AM

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

pahujadeep
Explorer
‎05-04-2021 03:57 AM

many thanks, other than Splunk's out of the box functionality to restrict user roles etc any app suggestions which can help here?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 05:35 AM

Hi @pahujadeep,

the only way is to build dashboards with restricted access to data, in other words disable the Open_in_search button.

In this way users can see only the data you display in dashboards.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 03:01 AM

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...