Security

Custom Alert User Interface: Storing encrypted credentials

dajomas
Path Finder

In this dated, but certainly not outdated, blog post, an explanation is given on how to handle passwords from the setup.xml.

I, however, need to handle passwords from the user interface for a custom alert (.html). Unfortunately, I have been unable to find how to do that in a similar way as with the setup.xml file.

Can anyone tell me how to do this?

Thanks.

0 Karma

hardikJsheth
Motivator

You can do it similarly to how you do it on a setup page, using a REST endpoint.

You need to add the following parameter in your alert_actions.conf.

alert.execute.cmd = demisto_alert.py

From the Python file you can use code as follows:

    import splunk.rest

    # Inside the handler method: store the credential through the REST endpoint
    postArgs = {
        "name": user_name,
        "password": self.callerArgs.data['AUTHKEY'][0],
        "realm": "TA-Demisto"
    }
    splunk.rest.simpleRequest(
        "/servicesNS/nobody/TA-Demisto/admin/passwords/?output_mode=json",
        self.getSessionKey(), postargs=postArgs, method='POST')

If you want more information, refer to the demisto_setup.py file from https://splunkbase.splunk.com/app/3448/ for the /storage/password REST endpoint. This also has an example for attaching a custom page to your alert.

Hope it helps.

dajomas
Path Finder

This solution does not help me with my question. I need to be able to set the password in the custom page for my alert and have the password handled the same way as if it would have been set in the setup.xml file.

I know how to set it in the setup.xml and I know how to retrieve it from the Python script, but when a user creates an alert, there should be an option to enter a password as well to override the password that was set through the setup.xml.

0 Karma

hardikJsheth
Motivator

If I understood your requirement correctly, you want to override the username / password from an alert action. This can definitely be done from the custom alert action page.

0 Karma

dajomas
Path Finder

OK, that's great, and yes, that is exactly what I want. But from your example, I can't figure out how to do that. I downloaded the app you refer to, but in the alert HTML file I don't see a password field.

0 Karma

hardikJsheth
Motivator

You are right, there is no password field in that app. You can use it in the same way as on the setup page.

For example:


    <div class="control-group">
        <div class="controls">
            <input type="password" name="action.demisto.param.occured" id="occured" value="$trigger_time$" />
        </div>
    </div>
0 Karma
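
An added example, not part of the original posts and not the TA-Demisto app's own code: a value typed into an alert form field such as `action.demisto.param.*` is saved with the alert in savedsearches.conf as plain text, so here the form carries only the user name of a credential already stored through the REST call shown earlier, and the alert script resolves the password at run time from the JSON payload it receives on stdin. The parameter names `credential_user` and `default_user` and all function names are assumptions made for illustration.

```python
import json
import sys
import urllib.parse
import urllib.request

APP = REALM = "TA-Demisto"  # app and realm used in the answer above


def credential_url(server_uri, user):
    """URL of one storage/passwords entry; entries are named '<realm>:<user>:'."""
    entry = urllib.parse.quote(f"{REALM}:{user}:", safe="")
    return (f"{server_uri}/servicesNS/nobody/{APP}/storage/passwords/"
            f"{entry}?output_mode=json")


def splunkd_get(url, session_key):
    """GET from splunkd using the session key passed to the alert script."""
    req = urllib.request.Request(
        url, headers={"Authorization": f"Splunk {session_key}"})
    with urllib.request.urlopen(req) as resp:  # pass an SSL context that trusts splunkd's CA
        return json.load(resp)


def resolve_credential(payload, fetch=splunkd_get):
    """Return (user, password) for this alert run.

    'credential_user' (hypothetical per-alert field) names a stored credential
    and is the only value written to savedsearches.conf; 'default_user'
    (hypothetical) is the app-wide choice made on the setup page.
    """
    cfg = payload.get("configuration", {})
    user = cfg.get("credential_user") or cfg.get("default_user")
    if not user:
        raise ValueError("no credential selected for this alert")
    body = fetch(credential_url(payload["server_uri"], user),
                 payload["session_key"])
    return user, body["entry"][0]["content"]["clear_password"]


if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    user, password = resolve_credential(json.load(sys.stdin))
    # call the external service here; never log or echo the password
```

The role of the alert's owner needs the `list_storage_passwords` capability for the lookup to return `clear_password`.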

hardikJsheth
Motivator

@dajomas, did you find a solution? If it has worked, can you accept the answer so that we can close this thread? In case you have used any other solution, would you mind posting it here to help others?

0 Karma