Developing for Splunk Enterprise
Highlighted

Is it possible to use binaries when writing a Splunk App to protect your app's source code?

Engager

Is it possible to use binaries when writing a Splunk App or is your code always in the clear?

Highlighted

Re: Is it possible to use binaries when writing a Splunk App to protect your app's source code?

Splunk Employee
Splunk Employee

Yes you can use binaries in your app, but you'll have to write a python based wrapper to invoke the binary.

View solution in original post

Highlighted

Re: Is it possible to use binaries when writing a Splunk App to protect your app's source code?

Builder

I know this has been buried for a while, but I am curious about this reply. If my objective is to hand over an application, but I don't want any of my intellectual property to be exposed (xml/configs/scripts...) is there any way to protect it?

0 Karma
Highlighted

Re: Is it possible to use binaries when writing a Splunk App to protect your app's source code?

Ultra Champion

If you mean the dashboard XML, and Splunk .conf files, then the answer is no.

The best you could do would be to use a framework and include the visual elements in js files and obfuscate that - but at the end of the day, that's still pretty trivial to reverse engineer.

Any search you run (even it you packed it into a binary file) is going to leave an audit of the SPL in the audit logs.
What IP are you hoping to protect by 'hiding' your searches/config?

Highlighted

Re: Is it possible to use binaries when writing a Splunk App to protect your app's source code?

Builder

@nickhillscpl

Thanks for the reply. It was more of a hypothetical question that I was discussing with some colleagues, but scenarios do exist where analytics capabilities are being provided as a service using internally built dashboards and scripts, and the provider does not want to expose the inner workings to their client. Obviously the argument is more complex (data location, server ownership...), but from a technical PoV I was curious as to whether there was anything one could do in Splunk.

Regards,

Andrew

0 Karma