We're looking to automate the process of uploading and approving files for an application whitelisting solution.
For machines that are outside the network, I would like them to periodically query a Splunk REST API that is Internet-facing. What is the best way to lock that down? Have an independent Splunk instance in the DMZ with a single saved search to run the query I want against the central server -- either as a search head or using its REST API?
How would one make that as secure as possible?
Thanks.
Craig