negotiate authentication in custom python search c...

cphair · ‎01-28-2013

Hello,

I'd like to use a custom search command that makes a live REST query to another system with a special account and returns the results to Splunk. Unfortunately, the other system uses Windows client credentials (my script is running on a Windows search head) and doesn't like basic authentication--the script errors out with a 401 when it tries to open the URL. With the modules provided in Splunk 4.3.4's Python (Python 2.7.2, I guess), is it possible to make the REST call with another account's credentials without using basic auth? I've looked for non-Splunk Python code examples, and they either use basic auth or they use the ntlm module, which doesn't appear to be included in Splunk Python by default.

dart · ‎07-31-2013

I'd suggest using this technique to include another python library, such as requests.

I've also used an alternate technique of shelling out to another script, in this case perl, but you could do so to use system python instead.

#! /usr/bin/env python
"""
    Python wrapper script for the perl script
"""
import os,sys

script = r'/path/to/my/script.pl'

os.execv(script, sys.argv[1])

negotiate authentication in custom python search commands

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation