Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
- HEC Receiver authorization of HTTP requests: Edge Processor administrators can now configure HTTP event collector (HEC) tokens to authenticate HTTP requests for data coming from a HEC source. This enhances the overall security of the HEC data path as it prevents unwanted data from coming into Edge Processor pipelines.
- Point and Click UI for Lookups: Edge Processor Lookups allow configuring pipelines to enrich event data using CSV and KV store lookups defined on the search head linked to Edge Processor. Through the UI, users can now seamlessly build the lookup command without having to manually write an SPL2 statement to support a wide array of use cases such as detecting indicators of compromise, resolving host IPs, and more.
- Point and Click UI for Cryptographic Functions: Edge Processor now supports a seamless GUI-based building experience for hashing functions (SHA1, SHA256, SHA512 and MD5), which no longer requires the manual authoring of SPL2 hashing statements. These functions allow users to support use cases such as masking sensitive information and monitoring of file/data integrity by hashing it. With the User Interface users can now rebuild the _raw event and just send through _raw with the hashed data through interactive point-and-click interface, without manually typing the commands in the pipeline definition.
To learn more about Edge Processor’s HEC, Lookups and Cryptographic capabilities (and more!), check out Splunk Docs.