Is it possible to use binaries when writing a Splunk App or is your code always in the clear?
Yes you can use binaries in your app, but you'll have to write a python based wrapper to invoke the binary.
Yes you can use binaries in your app, but you'll have to write a python based wrapper to invoke the binary.
I know this has been buried for a while, but I am curious about this reply. If my objective is to hand over an application, but I don't want any of my intellectual property to be exposed (xml/configs/scripts...) is there any way to protect it?
If you mean the dashboard XML, and Splunk .conf files, then the answer is no.
The best you could do would be to use a framework and include the visual elements in js files and obfuscate that - but at the end of the day, that's still pretty trivial to reverse engineer.
Any search you run (even it you packed it into a binary file) is going to leave an audit of the SPL in the audit logs.
What IP are you hoping to protect by 'hiding' your searches/config?
@nickhillscpl
Thanks for the reply. It was more of a hypothetical question that I was discussing with some colleagues, but scenarios do exist where analytics capabilities are being provided as a service using internally built dashboards and scripts, and the provider does not want to expose the inner workings to their client. Obviously the argument is more complex (data location, server ownership...), but from a technical PoV I was curious as to whether there was anything one could do in Splunk.
Regards,
Andrew