Security
Highlighted

Custom Alert User Interface: Storing encrypted credentials

Path Finder

In this dated, but certainly not outdated, blog post, an explanation is given on how to handle passwords from the setup.xml

I however need to handle passwords from the user interface for a custom alert (.html) Unfortunately, I have been unable to find how to do that in a similar way as with the setup.xml file.

Can anyone tell me how to do this?

Thanx.

0 Karma
Highlighted

Re: Custom Alert User Interface: Storing encrypted credentials

Motivator

You can do it similarly as you do on a setup page using REST endpoint.

You need to add following parameter in your alert_actions.conf.

alert.execute.cmd = demisto_alert.py

From the python file you can use code as follows:

postArgs = {
                        "name": user_name,
                        "password": self.callerArgs.data['AUTHKEY'][0],
                        "realm": "TA-Demisto"
                    }
                    splunk.rest.simpleRequest("/servicesNS/nobody/TA-Demisto/admin/passwords/?output_mode=json",
                                              self.getSessionKey(), postargs = postArgs, method = 'POST')

If you want more information refer demisto_setup.py file from https://splunkbase.splunk.com/app/3448/ for /storage/password REST endpoint. This also have example for attaching custom page with your alert.

Hope it helps.

Highlighted

Re: Custom Alert User Interface: Storing encrypted credentials

Path Finder

This solution does not help me with my question. I need to be able to set the password in the custom page for my alert and have the password handled the same way as if it would have been set in the setup.xml file.

I know how to set it in the setup.xml and I know how to retrieve it from the python script but when a user creates an alert, there should be an option to enter a password as well to override the password that was set through the setup.xml.

0 Karma
Highlighted

Re: Custom Alert User Interface: Storing encrypted credentials

Motivator

If I understood your requirement correctly, you want to override username / password from a alert action. This can definitely be done from custom alert action page.

0 Karma
Highlighted

Re: Custom Alert User Interface: Storing encrypted credentials

Path Finder

Ok, that's great, and yes that is exactly what I want. But from your example, I can't figure out how to do that, I downloaded the app you refer to but in the alert html file, I don't see a password field.

0 Karma
Highlighted

Re: Custom Alert User Interface: Storing encrypted credentials

Motivator

You are right don't have passwords field in that app, you can use it in same way as setup page.

for example:


        <div class="controls">
            <input type="password" name="action.demisto.param.occured" id="occured" value="$trigger_time$" />
        </div>
    </div>
0 Karma
Highlighted

Re: Custom Alert User Interface: Storing encrypted credentials

Motivator

@dajomas, Did you find a solution ? If it has worked, can you accept the answer so that we can close this thread? In case you have used any other solution , would you mind posting it here for helping others?

0 Karma