All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Are Splunkbase apps safe?

johnwww
Explorer
‎06-20-2022 11:03 PM

There are many app in Splunkbase some from well known companies and developers, so I assume those are safe. What about other apps? Are they reviewed by Splunk before being published?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎06-20-2022 11:36 PM

There is always a risk if you run a third-party written software. Not necessarily due to malice but maybe due to mistakes and sloppy programming.

My own private policy is that I trust apps built by Splunk, I am cautious towards apps written by solution vendors (like checkpoint-supplied app for checkpoint appliances) because they often don't know Splunk well enough and make too much false assumptions about your environment. And I unpack and manually look into other apps.

That's in production environment. I have slightly more relaxed approach in my home setup.

Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-20-2022 11:30 PM

@johnwww - Long story short.

Yes, they are validated by Splunk but not by Security Penetration testers.

So use with caution. Or you can check them by yourself, when you download the App you will get the code as well, you can validate them by yourself if you want.

 

I hope this helps!!!

Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-20-2022 11:28 PM

Hi

My expectations are that Splunk do only automatically technical review e.g. by appinspect to ensure that those apps are following their best practices and minimum requirements. But they are not doing any code review or other security related analysis for those. Personally if I need to take some app from "non big brand" I do those reviews by myself and/or try to found any reviews about it. And please remember it's your own decision and your responsibility to choose those. No warranty from anyone else.

r. Ismo

Reply

johnwww
Explorer
‎06-20-2022 11:56 PM

Some relevant links:

appinspect 

releasing apps 

cloud vetting 

Reply

gcusello
SplunkTrust
SplunkTrust
‎06-20-2022 11:23 PM

Hi @johnwww,

when an App is uploaded in Splunkbase it's subjected to many controls, especially on scripts, for my knowledge they are safe, for more infos, you can see at https://www.splunk.com/en_us/legal/terms/terms-of-use.html?301=/en_us/terms-of-use.html&301=/view/SP... all the terms of use.

In addition, here https://www.splunk.com/en_us/legal/export-controls.html?301=/en_us/export-controls.html&301=/view/SP... you can find the Export Controls.

Ciao.

Giuseppe

 

Reply

johnwww
Explorer
‎06-20-2022 11:47 PM

Terms

Splunk does not control the Community Content, identified in section 4.3 (“Community Content”) posted on the Site and, as such, does not guarantee the accuracy, integrity or quality of such Community Content

 

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...