The purpose of this distribution is to provide an easy way to encrypt data within events and decrypt it at search time depending on the role. Read the README.txt for installation and usage. The basic idea is to first encrypt data within an event, producing a new file with the same content as before but with the data matching group(1) of a regular expression encrypted and saved on disk as base64. Next, index the newly created file into Splunk with a sourcetype. At search time, you will then be able to decrypt the data. Two experimental dashboards have been added for Splunk 6+ that you can use in your own app to control access to decryption. PLEASE NOTE: Use as is; this is a reference implementation.
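The flow described above, sketched as an added example (not the app's own code): only the span of group(1) is replaced by a base64 token, and decryption is gated on a role. The page does not name the cipher, so an HMAC-SHA256 keystream with an integrity tag stands in for it; the key, the `ENC:` marker, the `pii_reader` role, the pattern and the sample event are all constructed or hypothetical.

```python
import base64, hashlib, hmac, os, re

KEY = b"constructed-demo-key"  # constructed sample key; real keys belong in a secret store
PREFIX = "ENC:"  # hypothetical marker so encrypted fields can be found again
PATTERN = re.compile(r"ssn=(\d{3}-\d{2}-\d{4})")  # constructed; group(1) is encrypted
SAMPLE = "2024-01-01 12:00:00 user=alice ssn=123-45-6789 action=login"  # constructed event
TOKEN_RE = re.compile(re.escape(PREFIX) + r"[A-Za-z0-9+/=]+")

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a vetted AEAD (e.g. AES-GCM).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_field(plain, key=KEY):
    nonce = os.urandom(12)  # fresh per field, so equal values give different tokens
    ct = _xor(plain.encode(), _keystream(key, nonce, len(plain.encode())))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    return PREFIX + base64.b64encode(nonce + ct + tag).decode()

def decrypt_field(token, key=KEY):
    raw = base64.b64decode(token[len(PREFIX):])
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        raise ValueError("encrypted field failed its integrity check")
    return _xor(ct, _keystream(key, nonce, len(ct))).decode()

def encrypt_event(line, pattern=PATTERN):
    def repl(m):
        if m.group(1) is None:  # optional group did not take part in the match
            return m.group(0)
        start, end = m.start(1) - m.start(), m.end(1) - m.start()
        return m.group(0)[:start] + encrypt_field(m.group(1)) + m.group(0)[end:]
    return pattern.sub(repl, line)

def decrypt_event(line, roles, allowed=frozenset({"pii_reader"})):
    # Hypothetical role gate standing in for the search-time access control.
    if not allowed & set(roles):
        return line
    return TOKEN_RE.sub(lambda m: decrypt_field(m.group(0)), line)
```

Because the nonce is random per field, identical plaintext values produce different tokens, so encrypted fields cannot be searched or grouped by value without decrypting them first.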