topic Re: What are the list of credentials that are acceptable for Just in Time entry? in Splunk SOAR

What are the list of credentials that are acceptable for Just in Time entry?

Dave_Burns — Mon, 25 Jul 2022 17:04:18 GMT

What are the list of credentials that are acceptable for Just in Time entry?

Or is there a way to add to that list when creating our own apps?

Looking through the documentation for the metadata, I'm not seeing anything.

Re: Just In Time Credentials

inventsekar — Mon, 25 Jul 2022 15:53:09 GMT

Hi @Dave_Burns .. As per my knowledge, there is no "Just in time Credentials" (google defines this JIT as... "Just-in-Time (JIT) access is a fundamental security practice where the privilege granted to access applications or systems is limited to predetermined periods of time, on an as-needed basis. This helps to minimize the risk of standing privileges that attackers or malicious insiders can readily exploit.")

You can learn more about Splunk's Authentication methods available to us:

https://docs.splunk.com/Documentation/Splunk/9.0.0/InheritedDeployment/Usersrolesandauthentication

Re: What are the list of credentials that are acceptable for Just in Time entry?

Dave_Burns — Mon, 25 Jul 2022 17:32:56 GMT

Thanks @inventsekar for trying to provide some insite.

yeah, I'm familiar w/ the authentication methods. But I'm specifically talking about this:

https://docs.splunk.com/Documentation/Phantom/4.10.4/Admin/AppsAssets#Configure_Just_In_Time_Credentials_for_a_Splunk_Phantom_asset

It's actually kinda cool to see, for instance in the built in ssh app.

But looking at the app code I'm not seeing how it indicated those as being choices from the option asset settings entered further up that page.

Re: What are the list of credentials that are acceptable for Just in Time entry?

inventsekar — Mon, 25 Jul 2022 22:57:16 GMT

i am not much aware of Phantom and its pretty new to Splunk(i think around 3 years ago, just before the Covid, Splunk accquired this phantom).
The "Security Orchestration" may require this JIT concepts, that is understood. lets wait for some Phantom guys to reply to you.

PS - on ur question you tagged phantom... i thought for few seconds about that.. but, then, i thought u r a developer who starting new with splunk. my mistake and misunderstanding.

Re: What are the list of credentials that are acceptable for Just in Time entry?

phanTom — Tue, 26 Jul 2022 14:31:21 GMT

@Dave_Burns I have looked into this and can confirm that is presents all "string" and "password" asset configuration parameters defined in the app JSON.

You won't see any "numeric" or "boolean" asset configuration params in the JIT list.

Happy SOARing!

Re: What are the list of credentials that are acceptable for Just in Time entry?

Dave_Burns — Wed, 27 Jul 2022 12:24:28 GMT

Thanks @phanTom, glad to know what's supposed to be going on behind the scenes.

Makes me wonder why some of our homebrew apps aren't working that way but hey, I've got the information I asked for! Which gets me closer to the end.