Hi, I am looking for some feedback on security aspect of Portal in a case where user has unknowingly added a Malicious service URL (publicly available external service) in a webmap. Are there any documentation on how Portal handles this?
Appreciate your feedback
Thanks
Have you gone to ArcGIS Trust Center
Thanks Todd for sharing this link. I noticed the link for ArcGIS security advisor and seems like this might provide some answers that I am looking for. I tried ArcGIS Security Advisor for our Enterprise, following instructions below but getting a 400 error. As per the note on the website, this utility was built by ESRI but not supported. I am not sure if anyone else had this issue and had any suggestions.
Thanks
To log in to ArcGIS Enterprise, you first need to register ArcGIS Security Advisor as an application in your Enterprise portal. This will generate an AppID that can identify this app as an approved client of the Enterprise portal. To register this app, follow the instructions here, using Application as the Type of App and the URL of the current page (https://s3.amazonaws.com/ago-security-advisor) as the Redirect URI.
Check Settings > Application > Data Source > Update:
Application
Data Source
URL https://s3.amazonaws.com/ago-security-advisor
App Registration
App ID:
YourGeneratedAppId
App Secret:
Show Secret
App Type:
Multiple
Redirect URI's:
urn:ietf:wg:oauth:2.0:oob, https://s3.amazonaws.com/ago-security-advisor
Hi Todd, I was able to connect using these settings, Thanks
Glad that worked for you. Additional thought: Have you run portalScan and serverScan? These are in the tools folders at your Poral and Server installed location.
Here's the default location on a Windows server
Todd