Security

Splunk App lock, folder encryption mechanism

premforsplunk
Explorer

Hi folks,

is it possible to do a "folder-lock" mechanism for a splunk app ?

Basic requirement is, i dont want my splunk admins to see the contents of /opt/splunk/etc/secretapp

possible to achieve via Splunk ? is there any app/folder level encryption can be done ?

0 Karma

PavelP
Motivator

if you mean to disallow OS user to see/list content of the splunk folder, then it can easily be done with OS permissions.
But most of the configuration can be accessed via Splunk UI or REST API, directly or using a suitable app like this: https://splunkbase.splunk.com/app/4353/

The one way to achieve your goal would be to rewrite the SPL logic with C++ or python and build custom splunk commands/lookups: https://dev.splunk.com/enterprise/docs/developapps/customsearchcommands/
https://docs.splunk.com/Documentation/Splunk/8.0.1/Knowledge/Configureexternallookups

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...