[FEATURE] mTLS Authentication

LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project

GNU Lesser General Public License v3.0

47 stars 11 forks source link

[FEATURE] mTLS Authentication #40

Closed Rawmi-21 closed 1 year ago

Rawmi-21 commented 1 year ago

Request Type

Feature Request

Work Environment

Question	Answer
OS version (server)	Splunk Cloud (Classic)
TheHive version / git hash	2.3.1

Feature Description

We want to request the possibility to add the mutual TLS authentication for more security. In a context of Splunk Cloud, the connexion between Splunk and Thehive have to be done directly through Internet.

Adding mTLS could offer the possibility to verify that the client is our Splunk Cloud Stack

LetMeR00t commented 1 year ago

Hi @Rawmi-21 You want to use a client certificate from Splunk to authenticate to your TheHive instance right ? if so, did you notice that you could specify a client cert setting on the instances ? It’s used to authenticate the client (so the Splunk app) to the proxy behind TheHive with a certificate. Take a look at the doc for more information or ask your questions here Thank you

Rawmi-21 commented 1 year ago

Hi,

Thanks a lot for your quick feedback. The DOC is clean yes did not see it I'm sorry. I'll make some tests on premise prior to see with Splunk Support for Splunk Cloud.

Thanks again !