Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to fix failure in app-inspect | check_for_python_udp_network_communications?

jabezds
Path Finder
‎07-26-2022 12:58 AM

Hi , 

Noticed this failure in the app inspect report(Version 2.22.0), Is there a way we can fix this on splunk cloud ?

Below is the failure details in the report:

Please check for inbound or outbound UDP network communications.Any programmatic UDP network communication is prohibited due to security risks in Splunk Cloud and App Certification.The use or instruction to configure an app using Settings -> Data Inputs -> UDP within Splunk is permitted. (Note: UDP configuration options are not available in Splunk Cloud and as such do not impose a security risk. File: bin/botocore/session.py Line Number: 204

 

Thanks,

Jabez.

 

0 Karma
Reply

sloshburch
Ultra Champion
‎08-15-2022 02:46 PM

Hi! FYI that I moved this from Splunk Platform to this Splunk Development > Building for the Splunk Platform section in hopes to get more eyes on it.

Also, it's worth pointing out that in general, AppInspect has a handful of checks to ensure unsecure UDP is not being used: check_inputs_conf_for_udp, check_for_python_udp_network_communications, and check_for_udp_communication_in_javascript. See https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/ for more information.

In this case, the library being used is provided by a 3rd party and it is understood that eliminating that code is not practical. Therefore, there are discussions to consider how to navigate this challenge.

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...