Security

Splunk App lock, folder encryption mechanism

premforsplunk
Explorer

Hi folks,

is it possible to do a "folder-lock" mechanism for a splunk app ?

Basic requirement is, i dont want my splunk admins to see the contents of /opt/splunk/etc/secretapp

possible to achieve via Splunk ? is there any app/folder level encryption can be done ?

0 Karma

PavelP
Motivator

if you mean to disallow OS user to see/list content of the splunk folder, then it can easily be done with OS permissions.
But most of the configuration can be accessed via Splunk UI or REST API, directly or using a suitable app like this: https://splunkbase.splunk.com/app/4353/

The one way to achieve your goal would be to rewrite the SPL logic with C++ or python and build custom splunk commands/lookups: https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/
https://docs.splunk.com/Documentation/Splunk/8.0.1/Knowledge/Configureexternallookups

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!