Require Authentication on Event Management HTTP Processor [New in Security Center 1.3, Updated in 1.5, and removed in 2.0]
Learn how to establish secure basic authentication for inbound Amazon Simple Notification Service (SNS) requests when the Event Management plugin (com.glideapp.itom.snac) is enabled.
If the glide.basicauth.required.evtmgmthttpprocessor property isn’t set to the recommended value of true, and the Event Management plugin (com.glideapp.itom.snac) is active, then basic authentication is not required for all inbound Amazon Simple Notification Service (SNS) requests. This can lead to unauthenticated access to instance data.
To remediate this security risk, ensure that glide.basicauth.required.evtmgmthttpprocessor is set totrue and that com.glideapp.itom.snac is active.
More information
| Attribute | Description |
|---|---|
| Configuration name | glide.basicauth.required.evtmgmthttpprocessor |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | true |
| Default value | true |
| Category | API and web service |
| Security risk |
|
| Dependencies and prerequisites | None |
| References | |
| Functional impact | If glide.basicauth.required.evtmgmthttpprocessor is not set to the recommended value of True, and if the Event Management plugin (com.glideapp.itom.snac) is active, then basic authentication is not required for all Inbound Amazon Web Services SNS requests. This can lead to unauthenticated access to instance data. |