All Apps and Add-ons

How to disable SSL Validation in SNOW Security Operations Add-On?

slea_splunk
Splunk Employee
Splunk Employee

Hello,
I am trying to integrate Splunk and an On-Prem ServiceNow instance. The ServiceNow instance is not properly validating SSL certs, so I'd like to disable SSL validation for the ServiceNow Security Operations Add-On (https://splunkbase.splunk.com/app/3921/)

I've already done this for the ServiceNow Add On (https://splunkbase.splunk.com/app/1928/) by setting disable_ssl_certificate_validation = 1 in the [snow_default] stanza of the service_now.conf file. But I can't find corresponding instructions to do this for the Security Operations Add-On.

So, the specific question is: How can I disable SSL Validation in SNOW Security Operations Add-On (is there a way that is similar to how i can disable it in the ServiceNow Add-On)?

0 Karma

rfjohns1
Observer

Thanks,

But a proxy should not be needed for out environment. I can connect a browser to the ServiceNow url without a proxy since both Splunk and Service Now are internal to our network.

Am I misunderstanding something?

0 Karma

ivanreis
Builder

the service now instance that I worked to integrate into splunk was running at public domain, so for this reason I mentioned for you to use a proxy. I am not aware that your service now is running inside your network and I did not have issues with ssl.

0 Karma

droe
Explorer

I'd strongly suggest to fix the certificate of your Service Now instance instead of basically disabling the security provided by SSL/TLS.

0 Karma

ivanreis
Builder

Have you setup the proxy server configuration? When I deployed the integration I have to setup the proxy in order to get splunk connected properly to Snow from ssl connection.
the configuration is similiar with this. For the new add-on version there is tab for proxy configuration under service now add-on or you can edit the config file at $SPLUNK_HOME/etc/apps/Splunk_TA_snow/local/splunk_ta_snow_settings.conf

[proxy]
proxy_enabled = 0 Indicates whether connection to ServiceNow occurs through a proxy. The default is false.
proxy_url = URL or IP address for the proxy connection
proxy_port = Port for the proxy connection
proxy_username = Username for the proxy connection
proxy_password = Password for the proxy connection
proxy_rdns If you use the proxy to do DNS resolution, set this value to 1. The default is 0.
proxy_type The default is http. Other accepted values are http_no_tunnel, socks4, and socks5.

further information : https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Setuptheadd-on

0 Karma

sloshburch
Ultra Champion

Maybe edit or comment on your initial post to explicitly highlight the question you have? The verbiage stops abruptly without a good call for help?

0 Karma

rfjohns1
Observer

Followed instructions in the troubleshooting documentation, but the change does not change the behavior.

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:676)

splunk_ta_snow_account.conf:
disable_ssl_certificate_validation=1

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!