Alerting

Security around AlertEmails from SplunkCloud

JScordo
Path Finder

My security team has questions surrounding the security of the email alerts sent by SplunkCloud. If these alerts we have set up include sensitive data/information and are getting sent from SplunkCloud to our in-house distro groups is there a way to encrypt them? Does SplunkCloud encrypt them by default or pass them through a secure channel?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

Splunk Cloud does not presently support encrypted or signed emails. If this is a requirement, please contact your SE and ask him/her to file a feature request.

If it must be secure, for now I'd recommend making API calls over the REST-API (https) to pull alerts from the management port.

Keep in mind you need to file a ticket asking for the API to be opened up (port is blocked by default).

You can specify a list of IP's for them to whitelist if you'd like (its an option).

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...