Developing for Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Securing REST API authentication credentials in script alert action - Splunk 6.6.3

D0do
Engager
‎11-24-2021 02:43 AM

Hello,

I'm having some issues finding a proper solution for this problem:

I created a custom alert action for a Splunk v6.6.3 (I know, it is veery old) that executes a python script that use an SPL query through Splunk REST API.

At the moment the used credentials for Splunk REST API are written in cleartext into the script; is there a way to encrypt them so they are not clearly visible to other users able to read the script code?

Token authentication would have been the proper solution but it's not available in this old splunk version.

Do you know any additional solutions for this issue?

 

Thank you in advice, have a good day!

 

Labels (2)
Labels
0 Karma
Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!