Security

Splunk App lock, folder encryption mechanism

premforsplunk
Explorer

Hi folks,

is it possible to do a "folder-lock" mechanism for a splunk app ?

Basic requirement is, i dont want my splunk admins to see the contents of /opt/splunk/etc/secretapp

possible to achieve via Splunk ? is there any app/folder level encryption can be done ?

0 Karma

PavelP
Motivator

if you mean to disallow OS user to see/list content of the splunk folder, then it can easily be done with OS permissions.
But most of the configuration can be accessed via Splunk UI or REST API, directly or using a suitable app like this: https://splunkbase.splunk.com/app/4353/

The one way to achieve your goal would be to rewrite the SPL logic with C++ or python and build custom splunk commands/lookups: https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/
https://docs.splunk.com/Documentation/Splunk/8.0.1/Knowledge/Configureexternallookups

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...