Security reference how to secure data inbound to s...

Erbrown · ‎11-08-2023

Hi Folks,

I'm looking for a document that will help me understand my options for ensuring the integrity of data inbound to splunk from monitored devices, and any security options I may have there. I know TLS is an option for inter-splunk traffic. Unfortunately, I'm not having any luck with finding options to ensure the integrity and security of data when it's first received into splunk.

Surely there's a way for me to secure that, what am I missing here?

gcusello · ‎11-08-2023

Hi @Erbrown,

which kind of ingestions are you speaking about: forwarders, syslog, HEC?

if Forwarders, you can excrypt data between Forwarders and Indexers and there are checking technics inside Splunk.

If you're speaking of syslog: I hint to use an rsyslog server and read files using a Universal Forwarders; I'm not sure that's possible to encrypt syslogs; in addition, you could use two UFs and a Load Balancer to avoid Single Point of Failures,

If you're speaking of HEC, you can use https and the token is a securization of your ingestion; as syslogs, you should use two Forwarders and a Load Balancer.

Ciao.

Giuseppe

Security reference how to secure data inbound to splunk from a monitored device

authentication

encryption

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?