Splunk Data Import

Where network monitoring has to be facilitated across the boundaries of disconnected networks, 4Secure have delivered a cross-domain solution to verify and transport Splunk data across a network boundary into a higher security network.

The visibility of logging information and real-time alerts originating from network devices, IoT endpoints, and applications can empower Security Operations Centre (SOC) analysts, enabling proactive actions or rapid remediation. 4Secure have delivered a solution for validating Splunk data and ensuring its secure delivery through a unidirectional gateway into the SOC on the destination network.

Securely Importing Splunk Data

Decrypt, Verify, Re-encrypt

Decrypting the HTTPS session exposed the raw data within the HTTP request in readable form. 4Secure then adopted their verification engine to perform granular verification on the header of the HTTP request, ensuring it contained the token expected from the Splunk system. Following successful validation and transfer across the network boundary, 4Secure re-established an HTTPS connection on the destination network.

Response to Splunk System

4Secure architected the necessary response to the Splunk heavy forwarder at the end of each HEC message. This ensured that the payload’s integrity remained intact as it was transported across the network boundary and delivered to the intended destination.

High-Throughput

4Secure have delivered solutions capable of transporting in excess of 150,000 HEC messages a second while performing verification. 4Secure adopted their TrustedFilter appliance to meet the computational demands of performing verification at such a high throughput.

Enabling TrustedFilter™ Applications

TrustedFilter™ SECUREimpex

  • Verification engine installed directly onto a TrustedFilter™ appliance
  • Terminates TLS, verifies the raw data payload, then re-establishes HTTPS
  • Performs syntactic & semantic verification
  • Granular HTTP request verification
  • Relays the correct response to Splunk for accurate HEC message transmission
  • XML / JSON schema validation
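As an added illustration of the verification step described under "Decrypt, Verify, Re-encrypt" and in the feature list above (example code, not 4Secure's own verification engine), the following Python verifier applies the header and payload checks to an already-decrypted HEC request and produces the reply that would be relayed back to the heavy forwarder. The token value is constructed, and the reply shape and codes are assumed to mirror Splunk's documented HEC responses.

```python
import hmac
import json

# Constructed sample token (hypothetical value): in a deployment this is the HEC token
# provisioned on the receiving Splunk indexer and configured on the heavy forwarder.
EXPECTED_TOKEN = "11111111-2222-3333-4444-555555555555"
ALLOWED_FIELDS = {"event", "time", "host", "source", "sourcetype", "index", "fields"}

def token_ok(headers):
    """Granular header check: Authorization must be exactly 'Splunk <expected token>'."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    # Constant-time comparison so the verifier does not leak how much of the token matched.
    return scheme == "Splunk" and hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())

def parse_events(body):
    """HEC bodies may carry several concatenated JSON objects; decode them all or fail."""
    decoder, events, pos = json.JSONDecoder(), [], 0
    while True:
        pos = len(body) - len(body[pos:].lstrip())  # skip whitespace between objects
        if pos >= len(body):
            return events
        obj, pos = decoder.raw_decode(body, pos)  # raises JSONDecodeError on malformed input
        events.append(obj)

def event_error(obj):
    """Syntactic and semantic checks on one HEC object; returns None when it is acceptable."""
    if not isinstance(obj, dict) or not set(obj) <= ALLOWED_FIELDS:
        return "Invalid data format"          # unknown keys are rejected, not passed through
    if "event" not in obj:
        return "Event field is required"
    if obj["event"] in ("", None, {}, []):
        return "Event field cannot be blank"
    if "time" in obj and not isinstance(obj["time"], (int, float)):
        return "Invalid data format"          # epoch time must be numeric
    return None

def verify_hec_request(headers, body):
    """Return (HTTP status, reply body) in the {"text", "code"} shape Splunk HEC uses.
    Only a code-0 result is forwarded across the boundary; every other reply is returned
    to the heavy forwarder without the payload leaving the source network."""
    if not token_ok(headers):
        return 403, {"text": "Invalid token", "code": 4}
    if not body.strip():
        return 400, {"text": "No data", "code": 5}
    try:
        events = parse_events(body)
    except json.JSONDecodeError:
        return 400, {"text": "Invalid data format", "code": 6}
    for obj in events:
        err = event_error(obj)
        if err:
            return 400, {"text": err, "code": 6}
    return 200, {"text": "Success", "code": 0}
```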

Enabling Components

Data Diodes

A unidirectional flow control component (Data Diode) is utilised to enforce the one-way flow of data and perform a protocol break.

The all-encompassing TrustedFilter™ Appliance

4Secure adopted the TrustedFilter™ Appliance to implement this solution. The all-encompassing, extensible appliance consists of a unidirectional gateway and the full TrustedFilter™ software suite, and boasts considerable computational power to effectively perform the verification. A bi-directional model is also available.

Contact Us

Want to know more about 4Secure's products, services and cross-domain solutions? Engage with 4Secure's specialists to find a tailored solution. The 4Secure team offer full support through a 30-day proof of concept of any solution, at cost to 4Secure.

Call for a Quick Consultation

Can't wait for a response? Call us now for a quick consultation with one of our cross-domain solution specialists.