Hi All,
I was using SPLUNK version 6.2.2 for deploying dashboards to our project internal security team. The data which we are gonna expose in Splunk is very critical and we don't want external users to have access to them via URL. All the dashboards developed are converted to HTML, so when a dashboard loads, the field values used in the dashboard form are passed in the browser URL and those are clearly visible to the users. I don't want to expose these field values to users, so how can we hide them?
Eg:
http://localhost:8080/en-GB/app/custom_app/Data_Report?form.field1=TotalPrice&form.field2=*&form.report_date_uk=09%2F02%2F2016&form.report_date=02%2F09%2F2016&earliest=0&latest=&form.field5=cost%20%28%C2%A3%29&form.field6=0
Here the values field1, report_date_uk, and report_date are used in the dashboard.
Can we hide them from being displayed in the URL and pass them in a "Post" process, i.e. in a hidden way?
As we use the method="post/get" attribute in HTML forms, can we add them to Splunk dashboards/forms?
thanks
Rakesh.
Not that I know of. You have a couple different options for your use case though:
Hi, if you use an HTML dashboard you can try a KV store element to hide params in the URL.
Hi masonmorales,
Thanks for your reply.
It's not about roles etc. We have restricted the access with roles etc. We don't have the field values to be passed in visible mode to the end user. Can we do something about this? This is raised against our application in pen testing.
thanks,
rakesh.
The pen testers should not be worried about this - there is no additional information in the URI (like session tokens etc.) that is not in the requested resource. If you're really worried about it, put a reverse proxy in front of Splunk and rewrite the URLs.
As @masonmorales said, if you properly create your roles then the users cannot run any searches they're not supposed to.
Yes jplumsdaine22,
I agree with your point. It's a concern raised by our pen testers to launch the product. I have raised a case with the Splunk support team and got to know they are gonna raise an enhancement request for the same.
thanks,
Rakesh.