Does Website Monitoring app work with FIPS 140-2 m...

digituel · ‎12-12-2016

Do you know if the Website Monitoring app works with FIPS mode enabled for Splunk? The monitor worked fine until I enabled FIPS mode in Splunk. At the point FIPS was enabled, the monitor stopped logging monitors.

LukeMurphey · ‎12-17-2016

The app generates hashes of the content which is likely failing (one of them is MD5). I believe I can make the work by disabling the hashes that are non-compliant with FIPS mode (i.e. including SHA hashes only).

I opened a ticket for this: http://lukemurphey.net/issues/1656

khinchliff_splu · ‎12-13-2016

According to the docs: "The FIPS module disables the use of some cryptographic algorithms in the instance of Python that Splunk software uses to run apps (such as md5 and rc4)" - if the app uses them then it is not compatible with FIPS mode.

As an aside, usually you need to enable FIPS mode at install time, rather than enabling it later.

khinchliff_splu · ‎12-13-2016

To elaborate... I believe that the certificates generated in FIPS mode are different, so FIPS mode should be enabled before the first startup. Enabling later may cause data not to be sent between your Splunk servers as the certificates will not be valid, you should see errors in splunkd.log.

Does Website Monitoring app work with FIPS 140-2 mode?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms