
Domain Tools for Splunk App not working properly

New Member


We are encountering the below error while accessing the Domain Tools for Splunk App on each dashboard.

"External search command 'domaintools' returned error code 1. Script output = "ERROR An unknown error occurred: Could not get TA-domaintools credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; "

We cannot access this tool with FAAS SAML authentication for accounts without admin privileges, but can successfully access it via local admin accounts.
So is it that credentials have been broken somewhere for this app, or is there a role that can be mapped to the users to access it?

Kindly help in understanding and resolving this.

0 Karma

Path Finder

Hi - thanks for trying out our app. Here are the details on how to solve this from the readme file in our TA:

"Much of this app functionality requires the user to have the "list_storage_passwords" capability in Splunk. If the user(s) who will be using this app do not have that capability, there is an added "domaintools_user" role included with the app. Add this role to the user(s) and they will be able to use this app. This capability will allow users to decrypt passwords stored by apps, though, so make sure you are okay with that."

The reason for that is that our app uses Splunk's built-in credential store. There are some downsides to using that, and this is one of them, so we are building a new version of the app that will use a more direct method that is still secure. You should see that in Splunk Base within the next week, but if you want it sooner, message me directly and we'll get it to you.

Were you able to get the bulk Whois and Reputation Score enrichment working on your proxy logs?

0 Karma
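
For administrators weighing the capability warning quoted in the reply above, here is an added example (not part of the thread and not DomainTools' or Splunk's code) that lists which roles end up holding `list_storage_passwords`, directly or through role inheritance. It assumes the standard `authorize.conf` layout of `[role_<name>]` stanzas, `<capability> = enabled` lines and semicolon-separated `importRoles`; the sample file content is constructed, and every role name except `domaintools_user` is hypothetical.

```python
import configparser

# Constructed authorize.conf text, not copied from the TA. Only the role name
# domaintools_user comes from the thread; the other roles are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_user]
search = enabled
[role_domaintools_user]
list_storage_passwords = enabled
[role_soc_analyst]
importRoles = user;domaintools_user
[role_auditor]
importRoles = user
list_storage_passwords = disabled
"""

def load_roles(conf_text):
    """Return {role: (enabled capabilities, imported roles)}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case so importRoles is matched
    cp.read_string(conf_text)
    roles = {}
    for section in cp.sections():
        if section.startswith("role_"):
            items = dict(cp.items(section))
            imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
            caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
            roles[section[len("role_"):]] = (caps, imports)
    return roles

def roles_with_capability(conf_text, capability="list_storage_passwords"):
    """Map each role that effectively holds the capability to how it gets it."""
    roles = load_roles(conf_text)

    def source(role, seen):
        if role in seen or role not in roles:
            return None  # unknown role or import cycle
        seen.add(role)
        caps, imports = roles[role]
        if capability in caps:
            return "direct"
        for parent in imports:
            if source(parent, seen):
                return "inherited via " + parent
        return None

    result = {r: source(r, set()) for r in roles}
    return {r: how for r, how in result.items() if how}

if __name__ == "__main__":
    for role, how in roles_with_capability(SAMPLE_AUTHORIZE_CONF).items():
        print(role, "->", how)
```

Any role reported as inherited is one where mapping SAML users to it also hands them the ability to read stored credentials, which is the trade-off the readme text describes.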