Hi all,
I am using a custom alert action with a Python script to SSH to our Fortigate firewalls and restart the URL filter daemon using one specific Fortigate CLI command. Initially I did not use Splunk Add-on Builder and simply edited alert_actions.conf, app.conf, the UI etc. manually. The Python script under the bin folder of the app fetches the payload, reads the host field and, based on that, uses the Paramiko module to SSH to the remote Fortigate firewall and execute the CLI command to restart the urlfilter daemon. The script is OK; however, I had to hardcode the username and password in the script. That made me turn to Splunk Add-on Builder.
Unfortunately I don't know how to add the account for credential storage. I cannot even find where to add an account. I did try the global account setting; however, I got the error "Global Settings Could not be saved".
Could you please advise what I can do to achieve credential storage with the password encrypted, so I can use an API call to fetch the credential for the SSH login?
Thank you!
David
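An added example, not part of the original post: one way the alert script could read the SSH password from Splunk's encrypted `storage/passwords` endpoint using the `session_key` and `server_uri` that splunkd passes in the alert payload, instead of hardcoding it. The app name `fortigate_restart`, the account `svc_fortigate`, and the choice of the firewall host name as the credential realm are assumptions, and the credential must already have been saved to `storage/passwords` in that app.

```python
import json
import sys
import urllib.parse
import urllib.request

APP = "fortigate_restart"    # hypothetical app name (assumption)
SSH_USER = "svc_fortigate"   # hypothetical firewall account (assumption)


def credential_url(payload, app, realm, username):
    """URL of one storage/passwords entity; its name is 'realm:username:'."""
    name = urllib.parse.quote("{}:{}:".format(realm, username), safe="")
    return "{}/servicesNS/nobody/{}/storage/passwords/{}?output_mode=json".format(
        payload["server_uri"].rstrip("/"), urllib.parse.quote(app, safe=""), name)


def extract_password(body):
    """Pull clear_password out of the JSON returned for that entity."""
    entries = json.loads(body).get("entry", [])
    if not entries or "clear_password" not in entries[0].get("content", {}):
        raise LookupError("credential missing or not readable by this user")
    return entries[0]["content"]["clear_password"]


def fetch_password(payload, app, realm, username, context=None):
    """Authenticate with the alert's own session key, so no secret lives in the script."""
    req = urllib.request.Request(
        credential_url(payload, app, realm, username),
        headers={"Authorization": "Splunk " + payload["session_key"]})
    # context: an ssl.SSLContext that trusts splunkd's certificate (default: system CAs)
    with urllib.request.urlopen(req, context=context, timeout=10) as resp:
        return extract_password(resp.read())


if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    payload = json.load(sys.stdin)       # alert payload sent by splunkd on stdin
    host = payload["result"]["host"]     # firewall named in the triggering result
    password = fetch_password(payload, APP, realm=host, username=SSH_USER)
    # Hand `password` to the existing Paramiko connect call; never log or print it.
```

The user who owns the alert needs the `list_storage_passwords` capability, and a realm or user name containing a colon would need escaping in the entity name.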