All Apps and Add-ons

There are several issues to be fixed in the current app release of CIS Critical Security Controls.

guilmxm
SplunkTrust
SplunkTrust

Hello,

There are several things to be corrected within the current version of the application:

  • metdadata/local.meta

There should not be local.meta files when you publish the application in Splunk base, any stanza would need to migrated to default.meta and this file should removed from the package

Finally, the default.meta should be cleaned, removing references to SPlunk versions, setting up properly parents Meta and removing childs metata if not useful

  • metadata/local.meta Git conflict unleaned

There is an unclean Git conflict in both file, with lines:

<<<<<<< HEAD

Which will generates huge number of WARN messages in splunkd.

03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 148: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:16:44.658 +0000 WARN  IniFile - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 360: Cannot parse into key-value pair: <<<<<<< HEAD
03-21-2018 10:17:05.418 +0000 WARN  ConfObjectManagerDB - /opt/splunk/etc/apps/cis-controls-app-for-splunk/metadata/local.meta, line 8: Error parsing setting:  = ======

And there are others errors like the usage of deprecated features and syntax in xml files, wrong authorisations on csv files, etc.

I would kindly suggest to use appinspect when building your package, such that you can automatically be informed of these issues and perform unit testing for code quality improvements.

http://dev.splunk.com/view/SP-CAAAFAK

Many thanks,

Regards,

Guilhem

0 Karma
1 Solution

aperez_splunk
Splunk Employee
Splunk Employee

Thanks for your kind words @guilmxm.

Please know that these issues (and others) are in the queue for correction in my repo when the next iteration is released.

Many thanks again.

View solution in original post

0 Karma

aperez_splunk
Splunk Employee
Splunk Employee

Thanks for your kind words @guilmxm.

Please know that these issues (and others) are in the queue for correction in my repo when the next iteration is released.

Many thanks again.

0 Karma

aperez_splunk
Splunk Employee
Splunk Employee

Hi @guilmxm - app developer here.

Thanks for your note. Searching before posting would've turned this up as a known item.

Hopefully realworld usage of the app is useful for you despite these nuisance lines in splunkd.log.

Cheers.

0 Karma

guilmxm
SplunkTrust
SplunkTrust

Hello !

And it's because it is a very good application, and an amazing work you've done, and because it is useful to many that I wanted to post in case you wouldn't be aware of that 😉

Cheers,

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...