All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users

pahujadeep
Explorer
‎05-04-2021 02:46 AM

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users. Also, if it is possible to prevent this data visibility from other Splunk users?

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 03:01 AM

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

pahujadeep
Explorer
‎05-04-2021 03:57 AM

many thanks, other than Splunk's out of the box functionality to restrict user roles etc any app suggestions which can help here?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 05:35 AM

Hi @pahujadeep,

the only way is to build dashboards with restricted access to data, in other words disable the Open_in_search button.

In this way users can see only the data you display in dashboards.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 03:01 AM

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...