According to the top answer in the question titled *"Deployment Server - when app is redeployed, what is overwritten"* (url listed below), the deployment server creates a hash of an app and compares it to the hash of what it has and then decides accordingly. Is there a file or database somewhere on the deployment server that contains the listing of hashes by app and computer? I would like to be able to retrieve them to validate the users aren't modifying anything on the universal forwarders. I want to get those hashes and then compare them to a hash of what's currently on the machine. I could write a script to go through and do this myself, but if there is some type of backend functionality Splunk has that I'm unaware of, that would be wonderful. Maybe there is already a different way to prevent a user from altering anything?
[1]: https://answers.splunk.com/answers/104708/deployment-server-when-app-is-redeployed-what-is-overwritten.html
↧