pentestfail / TA-Salesforce_Reports

Provides method to consume Salesforce.com reports via REST API without SOQL/SOSL queries to be indexed, put in kvstore, or both.
MIT License

Fails Splunk Cloud Certification #1

Open claytonraymond2004 opened 7 years ago

claytonraymond2004 commented 7 years ago

I am trying to utilize this app in our Splunk Cloud deployment; however, the Splunk Cloud Ops team is rejecting the app due to unencrypted communications.

Here are their observations/recommendations:

Cloud Risk Assessment:
Risk Management - FAIL
Compound Score - 10
Risk Type - Unencrypted communication
Risk Score - 10

Vet app #3567 v1.0.4 "Salesforce Reports" Review fails vetting and cannot be installed.

This is a preliminary report. More issues may be found upon further review.

Thank you for your app install request. Your app did not meet security and functionality requirements for Splunk Cloud for the following reasons:
* The application can be configured for unencrypted communication, which is not permitted in Splunk Cloud. All communication must be encrypted (HTTPS preferred).

Once these issues are remedied you can resubmit your app for review.

Alternatives:
* We have contacted the developer in order to rectify the issues in this app. If the customer would like the display elements in this app (e.g., dashboards, panels, etc.), they should modify the app, or engage Professional Services to modify the app on their behalf to remove any unneeded components.
* Customers may wish to install this app on a heavyweight forwarder.

Is it at all possible to re-evaluate the app/work with Splunk to get this app Splunk Cloud certified? Alternatively, is it possible to utilize this app with a Heavy Forwarder? I tinkered with it, but because of the generation of lookup files, I don't believe it works in conjunction with Cloud.

I would really love to use this app!

Thanks!

pentestfail commented 7 years ago

I have their writeup on the submission and need to review their response (which includes more detail than above) as several of their findings appear to be incorrect. I can't commit to a timeline to update the app for certification, as some of that is dependent on Splunk's review process.

You are correct; the automated lookup creation will not work via heavy forwarder, as it creates the lookups on the Splunk server running the addon. One workaround is to index the reports and use a scheduled report/search to write your kvstore/csv lookup once data is in Splunk Cloud.

The intent of the many "toggles" is to give you options to work inside a distributed deployment such as on a heavy forwarder where you can index without sending to lookups, while on a search head send to lookups without indexing, etc.

pentestfail commented 7 years ago

Quick update: I've responded to the App Certification team to clarify some of their findings and will update once I hear back from them.