diff --git a/packages/flare/bin/cron_job_ingest_events.py b/packages/flare/bin/cron_job_ingest_events.py
index 74bd7ee..7bef002 100644
--- a/packages/flare/bin/cron_job_ingest_events.py
+++ b/packages/flare/bin/cron_job_ingest_events.py
@@ -343,13 +343,14 @@ def fetch_feed(
 logger.error(f"Exception={e}")
-def get_splunk_service(logger: Logger) -> Service:
+def get_splunk_service(logger: Logger, token: str) -> Service:
 try:
 splunk_service = client.connect(
 host=HOST,
 port=SPLUNK_PORT,
 app=APP_NAME,
- token=sys.stdin.readline().strip(),
+ token=token,
+ autologin=True,
 )
 except Exception as e:
 logger.error(str(e))
@@ -360,7 +361,13 @@ def get_splunk_service(logger: Logger) -> Service:
 if __name__ == "__main__":
 logger = Logger(class_name=__file__)
- splunk_service: Service = get_splunk_service(logger=logger)
+ token = sys.stdin.readline().strip() # SEE: passAuth in https://docs.splunk.com/Documentation/Splunk/9.4.0/Admin/Inputsconf
+ if not token:
+ raise Exception(
+ "Token not found - Go through the complete app configuration to update the user token."
+ )
+
+ splunk_service: Service = get_splunk_service(logger=logger, token=token)
 app: Application = splunk_service.apps[APP_NAME]
 main(
diff --git a/packages/react-components/src/models/splunk.ts b/packages/react-components/src/models/splunk.ts
index 0d2b195..01902ea 100644
--- a/packages/react-components/src/models/splunk.ts
+++ b/packages/react-components/src/models/splunk.ts
@@ -60,6 +60,7 @@ export interface Service {
 indexes: () => Indexes;
 savedSearches: () => Collection;
 serverInfo: () => any;
+ currentUser: () => any;
 get: (splunkUrlPath: string, data: any) => HTTPResponse;
 post: (splunkUrlPath: string, data: any) => HTTPResponse;
 }
diff --git a/packages/react-components/src/utils/setupConfiguration.ts b/packages/react-components/src/utils/setupConfiguration.ts
index 0bf9d99..57a5650 100644
--- a/packages/react-components/src/utils/setupConfiguration.ts
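Review bot: `autologin=True` cannot recover an expired session here, because the connection is built from a token alone with no username or password: in splunklib's `binding.Context`, `login()` returns immediately when a token is set without credentials, so on a 401 the library re-sends the same expired session key once and then raises `AuthenticationError` (inferred from the library, which is not part of this diff). Either drop the flag or document what actually covers expiry, e.g. `# autologin cannot re-authenticate a token-only session; expiry surfaces as AuthenticationError and the next scheduled run gets a fresh passAuth key`. The body of `get_splunk_service` continues past the hunk, so whether the catch-all `except Exception` re-raises or falls through to an unbound `splunk_service` is not visible from here.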
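Review bot: The empty-token failure is raised without going through the module's `logger`, and as a bare `Exception`, so the only trace an operator gets is whatever splunkd captures from the scripted input's stderr. A `logger.error(...)` with the same message before the raise, and `raise SystemExit(1)` (or a dedicated exception class) instead of `Exception`, would put the misconfiguration in the app's own log and give the process a clean non-zero exit. The message could also say that the token only arrives on stdin when the inputs.conf stanza carries `passAuth` and the script is launched by splunkd — a run with stdin closed reads an empty line too; the stanza itself is not in this diff. The `if __name__ == "__main__"` block continues past the hunk (`main(` is left open).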
+++ b/packages/react-components/src/utils/setupConfiguration.ts
@@ -152,6 +152,7 @@ async function saveConfiguration(
 SEVERITY_SAVED_SEARCH_NAME,
 `source=${APP_NAME} index=${indexName} earliest=-24h latest=now | spath path=header.risk.score output=risk_score_str | eval risk_score = coalesce(tonumber(risk_score_str), 0) | eval risk_label = case(risk_score == 1, "Info", risk_score == 2, "Low", risk_score == 3, "Medium", risk_score == 4, "High", risk_score == 5, "Critical") | stats count by risk_label, risk_score | sort risk_score | fields - risk_score`
 );
+ await updatePassAuthUsername(service);
 await completeSetup(service);
 await reloadApp(service);
 if (isFirstConfiguration) {
@@ -174,6 +175,18 @@ async function updateEventIngestionCronJobInterval(
 );
 }
+async function updatePassAuthUsername(service: Service): Promise {
+ const username = await fetchCurrentUsername();
+ await updateConfigurationFile(
+ service,
+ 'inputs',
+ 'script://$SPLUNK_HOME/etc/apps/flare/bin/cron_job_ingest_events.py',
+ {
+ passAuth: username,
+ }
+ );
+}
+
 async function updateSavedSearchQuery(
 service: Service,
 savedSearchName: string,
@@ -422,6 +435,13 @@ function getSourceTypesFilterValue(
 return sourceTypesFilter;
 }
+function fetchCurrentUsername(): Promise {
+ const service = createService();
+ return promisify(service.currentUser)().then((user) => {
+ return user.name;
+ });
+}
+
 export {
 createFlareIndex,
 fetchApiKey,
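Review bot: Writing the configuring user's own name into `passAuth` makes splunkd hand the ingestion script a session key for that person on every scheduled run, so the job then carries the full capabilities of whoever last saved the setup page — typically an admin — and the binding silently moves to a different account each time another user saves. If that account is later disabled, removed or stripped of its role, the input presumably stops with the script's "Token not found" error rather than anything that points back to this setting. A dedicated service account, or at least a role limited to writing the target index and reading this app's configuration, would keep the credential scoped to what `cron_job_ingest_events.py` needs; the exact capabilities it requires are not visible in this diff. The stanza key must also match the existing scripted-input stanza byte for byte or this write creates a second one — worth the comment `// must equal the stanza name in default/inputs.conf, otherwise a new stanza is created`.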
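Review bot: `fetchCurrentUsername` opens a second connection via `createService()` although its only caller, `updatePassAuthUsername`, already holds a `service`; threading that through (`function fetchCurrentUsername(service: Service): Promise<string>` and `fetchCurrentUsername(service)` at the call site) guarantees the name written into `passAuth` belongs to the session that performs the write, which is the property the caller relies on. If `promisify` is Node's `util.promisify`, `promisify(service.currentUser)()` also invokes the method with no receiver, so a `this`-dependent implementation would fail — `promisify(service.currentUser.bind(service))()` is cheap insurance; where `promisify` comes from is not visible in this diff. The return type appears as bare `Promise` in both new functions, which may be a rendering loss of the type argument rather than the committed code.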