I'm trying to collect CloudPassage logs. I have generated the Key ID and Secret Key. I then entered these values into a new CloudPassage Halo data input with the other fields:
Endpoint URL
CloudPassage Halo Client Key
Enter Password (CloudPassage Halo Secret key)
Time between polling cycles
HTTP Proxy
I keep getting "Failed to authenticate to CP Halo Portal". If I use curl to connect manually, however, I do get an access token back.
Reed,
I'm glad I was able to help you today. The CloudPassage App for Splunk Enterprise requires Python 2.7.11 with OpenSSL 1.0.2g (or newer) to connect securely to the Halo platform. Splunk Enterprise 6.4.x and 6.5.0 are bundled with these required software versions. If you are running an older version of Splunk Enterprise, please contact Splunk support for instructions on how to upgrade Python.
Thank you!
Daniel Gindin
Sr. Security Engineer, Customer Success | CloudPassage
215-534-5992
dgindin@cloudpassage.com
www.cloudpassage.com
Reed,
I'm glad I was able to help you today. The CloudPassage App for Splunk Enterprise requires Python 2.7.11 with OpenSSL 1.0.2g (or newer) to connect securely to the Halo platform. Splunk Enterprise 6.4.x and 6.5.0 are bundled with these required software versions. If you are running an older version of Splunk Enterprise, please contact Splunk support for instructions on how to upgrade Python.
Thank you!
Daniel Gindin
Sr. Security Engineer, Customer Success | CloudPassage
215-534-5992
dgindin@cloudpassage.com
www.cloudpassage.com
Reed,
I am available to assist you with configuring Splunk to retrieve CloudPassage Halo logs. Please feel free to call or email me at your earliest convenience.
Thank you.
Daniel Gindin
Sr. Security Engineer, Customer Success | CloudPassage
215-534-5992
dgindin@cloudpassage.com
www.cloudpassage.com
Thanks Daniel,
We can post any generic resolutions when we are finished.