Splunk App lock, folder encryption mechanism

premforsplunk — Mon, 03 Feb 2020 07:21:56 GMT

Hi folks,

is it possible to do a "folder-lock" mechanism for a splunk app ?

Basic requirement is, i dont want my splunk admins to see the contents of /opt/splunk/etc/secretapp

possible to achieve via Splunk ? is there any app/folder level encryption can be done ?

Re: Splunk App lock, folder encryption mechanism

PavelP — Mon, 03 Feb 2020 09:22:53 GMT

if you mean to disallow OS user to see/list content of the splunk folder, then it can easily be done with OS permissions.
But most of the configuration can be accessed via Splunk UI or REST API, directly or using a suitable app like this: https://splunkbase.splunk.com/app/4353/

The one way to achieve your goal would be to rewrite the SPL logic with C++ or python and build custom splunk commands/lookups: https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/
https://docs.splunk.com/Documentation/Splunk/8.0.1/Knowledge/Configureexternallookups

topic Splunk App lock, folder encryption mechanism in Security

Splunk App lock, folder encryption mechanism

Re: Splunk App lock, folder encryption mechanism