All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Domain Tools for Splunk App not working properly

harshsri21
New Member
‎07-12-2017 07:55 AM

Hi,

We are encountering the below error while accessing the Domain Tools for Splunk App on each dashboard.

"External search command 'domaintools' returned error code 1. Script output = "ERROR An unknown error occurred: Could not get TA-domaintools credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/TA-domaintools/admin/passwords "

While we cannot access this tool with FAAS SAML authentication for accounts with not admin privileges, but can successfully access it via local admin accounts.
So is it something that somewhere credentials have been broken for this app or is there a role that can be mapped to the users to access it.

Kindly help in understanding and resolving this.

0 Karma
Reply

markkendrick
Path Finder
‎07-12-2017 05:08 PM

HI - thanks for trying out our app. Here's the details on how to solve this from the readme file in our TA:

"Much of this app functionality requires the user to have the "list_storage_passwords" capability in Splunk. If the user(s) who will be using this app do not have that capability, there is an added "domaintools_user" role included with the app. Add this role to the user(s) and they will be able to use this app. This capability will allow users to decrypt passwords stored by apps, though, so make sure you are okay with that."

The reason for that is because our app uses Splunk's built in credential store. There are some downsides to using that, and this is one of them, so we are building a new version of the app that will use a more direct method that is still secure. You should see that in Splunk Base within the next week, but if you want it sooner, message me directly and we'll get it to you.

Were you able to get the bulk Whois and Reputation Score enrichment working on your proxy logs?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...