What are the list of credentials that are acceptable for Just in Time entry?
Or is there a way to add to that list when creating our own apps?
Looking through the documentation for the metadata, I'm not seeing anything.
i am not much aware of Phantom and its pretty new to Splunk(i think around 3 years ago, just before the Covid, Splunk accquired this phantom).
The "Security Orchestration" may require this JIT concepts, that is understood. lets wait for some Phantom guys to reply to you.
PS - on ur question you tagged phantom... i thought for few seconds about that.. but, then, i thought u r a developer who starting new with splunk. my mistake and misunderstanding.
Thanks @inventsekar for trying to provide some insite.
yeah, I'm familiar w/ the authentication methods. But I'm specifically talking about this:
It's actually kinda cool to see, for instance in the built in ssh app.
But looking at the app code I'm not seeing how it indicated those as being choices from the option asset settings entered further up that page.
@Dave_Burns I have looked into this and can confirm that is presents all "string" and "password" asset configuration parameters defined in the app JSON.
You won't see any "numeric" or "boolean" asset configuration params in the JIT list.
Happy SOARing!
Thanks @phanTom, glad to know what's supposed to be going on behind the scenes.
Makes me wonder why some of our homebrew apps aren't working that way but hey, I've got the information I asked for! Which gets me closer to the end.
Hi @Dave_Burns .. As per my knowledge, there is no "Just in time Credentials" (google defines this JIT as... "Just-in-Time (JIT) access is a fundamental security practice where the privilege granted to access applications or systems is limited to predetermined periods of time, on an as-needed basis. This helps to minimize the risk of standing privileges that attackers or malicious insiders can readily exploit.")
You can learn more about Splunk's Authentication methods available to us:
https://docs.splunk.com/Documentation/Splunk/9.0.0/InheritedDeployment/Usersrolesandauthentication