Solved: How to restrict external access to embedded report

tomapatan · ‎03-27-2023

We have a requirement to share a Splunk report externally and I`m aware we can achieve this by using iframes to embed the report.

My question is who can access the iframe - assuming it`s everyone who has a copy of the iframe/URL - and if there`s a way to restrict access to certain users only ? Can the restriction be applied within Splunk, or does it need to be applied within the external web app that we`re sharing with ?

yeahnah · ‎03-27-2023

Hi @tomapatan

Yes, I believe embedded reports are readable by anyone with access to the iframe/URL. Splunk does not have a way to be aware of who is accessing it, so this would need to be applied at the Web front end.

Having said that, depending on needs, the content of a report is usually generalised/summarised data, with the report creator having control over what is presented or more importantly, not presented or obfuscated.

View solution in original post

yeahnah · ‎03-27-2023

Hi @tomapatan

Yes, I believe embedded reports are readable by anyone with access to the iframe/URL. Splunk does not have a way to be aware of who is accessing it, so this would need to be applied at the Web front end.

Having said that, depending on needs, the content of a report is usually generalised/summarised data, with the report creator having control over what is presented or more importantly, not presented or obfuscated.

How to restrict external access to embedded report

other

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann