IBM Security SOAR

Expand all | Collapse all

FN Utilities : Remote command execution

  • 1.  FN Utilities : Remote command execution

    Posted Tue July 13, 2021 08:20 AM
    Hi all, my name is Guillermo and I am new to this community and with resilient soar, i have a question regarding the way the fn utilities : command execution function handles the secrets in the app.config, we are triying to add a $secret to the remote_command variable in app config in example:

    remote_command_linux = (/home/testremote/test $secret_var {{param1}})

    but the $secret_var is not parsed and is runned in the remote server literaly ($secret_var), but in the local execution this secret variable is parsed correctly.

    Could you please advise.

    thanks in advanced.

    Best Regards.




    ------------------------------
    Guillermo Lujan
    ------------------------------


  • 2.  RE: FN Utilities : Remote command execution

    Posted Wed July 14, 2021 12:15 PM
    Hi Guillermo,

    Welcome to the Community!

    AppHost Secret's will only get interpolated correctly by resilient-circuits (AppHost's runtime environment) if the entire string in the app.config file starts with a '$' character, therefore, if your $SECRET is a substring of that, it will NOT get interpolated correctly and you will get unexpected results

    What we advise you to do is make the whole string a secret and reference that in your app.config:
    SECRET_COMMAND_VALUE=(/home/testremote/test <your command> {{param1}})

    Then in the app.config section set:
    remote_command_linux = $SECRET_COMMAND_VALUE

    Hope this helps!

    ------------------------------
    Shane Curtin
    Apps Engineer - IBM Security SOAR
    ------------------------------



  • 3.  RE: FN Utilities : Remote command execution

    Posted Thu July 15, 2021 08:08 AM
    Hi Shane ! thanks for your reply, i will try it as per your advise.

    BR.

    Guillermo

    ------------------------------
    Guillermo Lujan
    ------------------------------



  • 4.  RE: FN Utilities : Remote command execution

    Posted Wed July 14, 2021 12:19 PM
    Hi Guillermo,

    Welcome to the Community!

    AppHost Secret's will only get interpolated correctly by resilient-circuits (AppHost's runtime environment) if the entire string in the app.config file starts with a '$' character, therefore, if your $SECRET is a substring of that, it will NOT get interpolated correctly and you will get unexpected results

    What we advise you to do is make the whole string a secret and reference that in your app.config:
    SECRET_COMMAND_VALUE=(/home/testremote/test <your command> {{param1}})

    Then in the app.config section set:
    remote_command_linux = $SECRET_COMMAND_VALUE

    Hope this helps!

    ------------------------------
    Mark Scherfling
    ------------------------------



  • 5.  RE: FN Utilities : Remote command execution

    Posted Thu July 15, 2021 08:07 AM
    Hello Mark, thanks for your reply, i will try it as per your advise.

    BR.

    Guillermo

    ------------------------------
    Guillermo Lujan
    ------------------------------