/cx-splunk

Checkmarx Splunk Dashboard

Primary LanguageJavaScript

Cx-Splunk

cx-Splunk is a React App for Splunk to gain information usage, insight Checkmarx's results as well as observe trends across projects.

Installation

To install Cx-Splunk i.e. the Checkmarx Dashboard, please visit the wiki here. To change to your specified index (v0.0.2 onwards), please visit the wiki here

v0.0.2

  1. All file names now follow lower snake case style.
  2. The app is now configurable in terms of choosing which splunk index needs to be queried. The default index for Cx-Splunk app now is cx-splunk-index and can be changed to any other custom index by following wiki here

v0.0.1

  1. CxAnalytix - CxAnalytix is a nimble tool to fetch data from Checkmarx CxSAST.
  2. Logs from CxAnalytix are indexed into Splunk.
  3. Current version generates dashboards and visualizations based on this data indexed into splunk.

Prerequisites

  • Install CxAnalytix. Visit the below section below for more information.
  • Install nodejs 12.x.
  • Install Splunk Enterprise locally and have $SPLUNK_HOME env variable setup.
  • Install yarn as the package manager.
  • In Windows environment, to avoid any file permission issues start the command prompt with "Run as Administrator" to run the commands mentioned in the Development section.

Splunk Indexes and permissions

⚠️ Note on Splunk Indexes

  • Splunk requires data to be indexed. If none are chosen, the default destination is to the index named main.
  • When Using a specific index, for instance cx-splunk-index, It is essential to ensure that this index cx-splunk-index is searchable by default by user roles.
  • More documentation is available here on Splunk Docs
  • Troubleshooting indexes docs for Splunk is here
  • Splunk Role-based access and inheritence is documented here.
  • For Advanced Splunkers, Please change authorize.conf for user roles to ensure that Checkmarx Sourcetypes are [searchable by default based on roles] (https://docs.splunk.com/Documentation/Splunk/8.0.5/Security/Addandeditroleswithauthorizeconf)
  • You need your index to be part of a default search for Checkmarx Splunk App to work as expected.
  • Please beware, that Splunk indexes are immutable. Ensure that your index is as intended.

CxAnalytix

  • CxAnalytix is our supported & recommended way to fetch analytical data for Splunk is the key dependency in-order to make use of Cx-Splunk.
  • CxAnalytix installation guide can be found here.
  • In-order to forward data to Splunk, We recommend the use of Splunk Universal forwarder. Please read more here on how to configure Splunk Universal Forwarder.

Development

  • Getting started - Splunk + React
  • yarn install - install dependencies.
  • yarn run dev - start the project in dev mode. This command will symlink the project into your Splunk instance.
  • Restart your Splunk instance if it's the first time you setup this project. Checkmarx application should shows up in app bar.

Cx-Splunk - Creating a new view.

  • Follow the below steps to create a new view.
    • Add an xml file in resources/default/data/ui/views.
    • Modify resources/default/data/ui/nav/default.xml to include your new page.
    • Create a new folder under src/pages/ with the same name of the new xml file.
    • Create index.jsx and bootstrap the page using @splunk/react-page.
    • Restart Splunk, your new page should shows up.

Package the app

Use the following steps to package the Checkmarx Dashboard app.

Requirements:

Build Steps

  • Run make build-image to build the image to package the app.
  • Run make run to package the app with NodeJS.
    • The app (tgz) will be created in the splunkapps folder.
  • To start Splunk (8.0) with the dashboard app run make start (username: admin password: changemeplease).
  • If password is changed, update the Makefile
  • To remove all containers run make down