Conflict with other apps authentication key

pbalsley · ‎08-03-2017

I installed the "Splunk Add-on for Microsoft Cloud Services" app and it broke the Sophos scripts from downloading logs.

I saw this error in the _internal index:

ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" ValueError: unknown url type: __REST_CREDENTIAL__#Splunk_TA_microsoft-cloudservices#configs/conf-splunk_ta_ms_o365_server_ucc_system_snapshot

I disabled the app and Sophos scripts worked again.

After digging I found out that this app and others has their credentials global and not limited to their own app. A bit sloppy.

I fix this for the Sophos app I added a check to make sure the returned data is from sophos. So far works great.

Edit both files "sophos_alerts.py" and "sophos_events.py"

for i, c in entities.items(): if "central.sophos.com" in c['realm']: <----- add this line return c['realm'],c['username'], c['clear_password'] raise Exception("No credentials have been found")

nickhills · ‎10-12-2017

Thanks for the note on this - you are correct!
I had overlooked this on 1.0.2, although my working copy has a fix.

I'll look to incorporate your suggestion too, as an additional control.

If my comment helps, please give it a thumbs up!

Conflict with other apps authentication key

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life