Splunk SOAR (f.k.a. Phantom)

What is the list of credentials that are acceptable for Just in Time entry?

Dave_Burns
Path Finder

What is the list of credentials that are acceptable for Just in Time entry?

Or is there a way to add to that list when creating our own apps? 

Looking through the documentation for the metadata, I'm not seeing anything. 


inventsekar
SplunkTrust

I am not much aware of Phantom, and it's pretty new to Splunk (I think around 3 years ago, just before Covid, Splunk acquired Phantom).
The "Security Orchestration" may require these JIT concepts; that is understood. Let's wait for some Phantom guys to reply to you.

PS - on your question you tagged phantom... I thought for a few seconds about that, but then I thought you were a developer starting new with Splunk. My mistake and misunderstanding.

0 Karma

Dave_Burns
Path Finder

Thanks @inventsekar for trying to provide some insight.

Yeah, I'm familiar with the authentication methods. But I'm specifically talking about this:

https://docs.splunk.com/Documentation/Phantom/4.10.4/Admin/AppsAssets#Configure_Just_In_Time_Credent...

It's actually kinda cool to see, for instance in the built-in SSH app.

But looking at the app code I'm not seeing how it indicated those as being choices from the option asset settings entered further up that page. 

0 Karma

phanTom
SplunkTrust

@Dave_Burns I have looked into this and can confirm that it presents all "string" and "password" asset configuration parameters defined in the app JSON.

You won't see any "numeric" or "boolean" asset configuration params in the JIT list. 

Happy SOARing!
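The rule described in the answer above, as an added example that is not part of the original post or of Splunk's code: a small checker that reads an app JSON's `configuration` section and sorts each asset parameter by whether it should appear in the Just in Time list. The sample app, its field names, and the treatment of the `ph` data type as "not covered by the thread" are assumptions made for illustration.

```python
import json

# Constructed sample: a cut-down "configuration" section in the shape used by
# SOAR app JSON files. Field names are hypothetical, not from a real app.
SAMPLE_APP_JSON = """
{
  "name": "example_homebrew_app",
  "configuration": {
    "server":     {"data_type": "string",   "order": 0, "required": true},
    "username":   {"data_type": "string",   "order": 1},
    "password":   {"data_type": "password", "order": 2},
    "port":       {"data_type": "numeric",  "order": 3, "default": 22},
    "verify_tls": {"data_type": "boolean",  "order": 4, "default": true},
    "spacer":     {"data_type": "ph",       "order": 5}
  }
}
"""

# Rule as stated in the answer above.
JIT_TYPES = {"string", "password"}
NON_JIT_TYPES = {"numeric", "boolean"}


def classify_jit_params(app_json_text):
    """Split asset configuration params into JIT-listed, excluded, and unknown."""
    config = json.loads(app_json_text).get("configuration", {})
    result = {"jit": [], "excluded": [], "unknown": []}
    # Sort by the "order" key so output follows the asset form layout.
    for name, spec in sorted(config.items(), key=lambda kv: kv[1].get("order", 0)):
        dtype = spec.get("data_type")
        if dtype in JIT_TYPES:
            result["jit"].append(name)
        elif dtype in NON_JIT_TYPES:
            result["excluded"].append(name)
        else:
            # Types the thread does not cover, or a missing data_type.
            result["unknown"].append(name)
    return result


if __name__ == "__main__":
    for bucket, names in classify_jit_params(SAMPLE_APP_JSON).items():
        print(f"{bucket:9} {', '.join(names) or '-'}")
```

Running it against a homebrew app's JSON shows quickly whether a credential field is missing from the JIT list because it was declared with a type other than "string" or "password".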

Dave_Burns
Path Finder

Thanks @phanTom, glad to know what's supposed to be going on behind the scenes. 

Makes me wonder why some of our homebrew apps aren't working that way but hey, I've got the information I asked for! Which gets me closer to the end.

0 Karma

inventsekar
SplunkTrust

Hi @Dave_Burns .. As per my knowledge, there is no "Just in time Credentials" (Google defines this JIT as... "Just-in-Time (JIT) access is a fundamental security practice where the privilege granted to access applications or systems is limited to predetermined periods of time, on an as-needed basis. This helps to minimize the risk of standing privileges that attackers or malicious insiders can readily exploit.").

You can learn more about Splunk's Authentication methods available to us:

https://docs.splunk.com/Documentation/Splunk/9.0.0/InheritedDeployment/Usersrolesandauthentication

0 Karma