All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users

pahujadeep
Explorer
‎05-04-2021 02:46 AM

Any suggestions on indexing GDPR(PCI/PII) data to Splunk and send protected reports to users. Also, if it is possible to prevent this data visibility from other Splunk users?

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 03:01 AM

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

pahujadeep
Explorer
‎05-04-2021 03:57 AM

many thanks, other than Splunk's out of the box functionality to restrict user roles etc any app suggestions which can help here?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 05:35 AM

Hi @pahujadeep,

the only way is to build dashboards with restricted access to data, in other words disable the Open_in_search button.

In this way users can see only the data you display in dashboards.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎05-04-2021 03:01 AM

Hi @pahujadeep,

it isn't so easy to configure Splunk acceses to data because in Splunk Access grants are configured for each role at index level, so if you configure a role to see an index, every user with that role can see all the data of that index.

You can disable access to that index for the other roles, but access for all the users with that role is enabled.

The only way could be (but it isn't so easy to do!) it's to create special dashboards with special rules for special roles and disable access to the raw data or give access to data only using closed reports.

As I said, it isn't an easy work!

I hint to define with a great attention the roles for your users for security reasons and, at the same time, appoint as "Data Processors" the users who can access the index.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...