Ensuring the confidentiality of secrets and limiting access to only authorized individuals or services is absolutely critical. However, the secrets accidentally leak through configuration files, databases, or logging messages. Therefore, it's essential to take all necessary precautions.
The SIEM secret finder is an excellent solution to tackle this issue. It uses keyword and pattern matching to search for specific words and patterns that are commonly associated with secrets, such as API key, password, token, and private key. Once a potential secret is identified, the tool eliminates false positives using language processing libraries. The secret finder has built-in integration with Splunk & Sumologic solutions and can be easily integrated with other SIEM solutions.
- Splunk
- Sumologic
-
Clone the repository
cd /Data git clone https://github.com/govindasamyarun/siem-secret-finder -
Install prerequisites
- pip install -r requirements.txt
- Update the config.yaml file. The following are the mandatory values.
secret-finder:
siem: <<Splunk|Sumologic>>
output_file_path: '/tmp/secrets.csv'
sumologic:
url: 'https://<<hostname>>/api/v1/search/jobs'
access_id: '<<acess_id>>'
access_key: '<<access_key>>'
search_query: '_dataTier=All _source=* access_token or privateKey or publicKey | fields _raw'
start_time: '2023-05-10T20:00:00'
end_time: '2023-05-10T20:01:00'
timezone: 'IST'
splunk:
url: 'https://<<hostname>>'
token: <<token>>
search_query: 'index=_internal | fields _raw'
start_time: '-1m'
end_time: 'now'- Execute the script
- python siem-secret-finder.py