mitre / saf

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
https://saf-cli.mitre.org

Refactor hdf2splunk and splunk2hdf to use vendor provided javascript libs #174

Open aaronlippold opened 2 years ago

aaronlippold commented 2 years ago

https://github.com/splunk/splunk-javascript-logging

https://dev.splunk.com/enterprise/docs/devtools/javascript/logging-javascript/logjsrequirementinstall/

We are seeing some very odd behaviour with using straight POST commands for pushing data to Splunk via the HEC. The connection also does not seem to be closing.

Suggest moving to using the standard splunk js lib and @types/splunk-logging.

This will also help us with better error collection, connection issues, SSL and --insecure support and logging our sending of logs :)

aaronlippold commented 2 years ago

We may want to also look at the splunk-sdk for javascript for the heimdall splunk interface? I think we are using this already right?

aaronlippold commented 2 years ago

Also, can we double check that these libs support treeshaking ...

camdenmoors commented 2 years ago

@yarick Were you able to confirm that using the management interface instead of the HEC interface is okay?