- Community
- :
- Splunk Answers
- :
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: o365 addon
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All
trying to set this up and im getting the following error:
rllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.533 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.539 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.650 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py:846: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
08-18-2020 16:28:38.656 +0100 ERROR PersistentScript - From {/opt/splunk/bin/python /opt/splunk/lib/python2.7/site-packages/splunk/persistconn/appserver.py}: InsecureRequestWarning)
I realise the URL says :
import urllib3 urllib3.disable_warnings()
but where does that actually go in the script?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"
- Convert zscaler certificate to .pem
openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM - Insert .pem into o365 app cacert
cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem - Ensure ownership
chown splunk.splunk * - Restart splunk
systemctl restart splunk - Add tenant
This might be useful for anyone else with certificate issues.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
/opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/urllib3/connectionpool.py
connectionpool.py might be throwing this warning.
can you check connectionpool.py if its importing urllib3?
if yes, add to this file.
If this helps, give a like below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Add where to the file? If I just put it in the top I get the same error, if I put it in the line where the error is I get another error, I know it needs to be added, but where is it added?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
first method,
in that file, you can add below:
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarningrequests.packages.urllib3.disable_warnings(InsecureRequestWarning)
OR another method is
This warning can be disabled by setting PYTHONWARNINGS="ignore:Unverified HTTPS request" in ~/.bashrc of user with which splunk is running.
If this helps, give a like below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
resolved this issue for myself, I'm probably a different case since this issue was around my odd "proxy"
- Convert zscaler certificate to .pem
openssl x509 -in ZscalerRootCertificate-2048-SHA256.crt -out zscaler.pem -outform PEM - Insert .pem into o365 app cacert
cat zscaler.pem >> /opt/splunk/etc/apps/splunk_ta_o365/bin/3rdparty/certifi/cacert.pem - Ensure ownership
chown splunk.splunk * - Restart splunk
systemctl restart splunk - Add tenant
This might be useful for anyone else with certificate issues.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
THANK YOU THIS RESOLVED OUR ISSUE.
Using Machine Learning for Hunting Security Threats
Observability Newsletter Highlights | March 2023
Security Newsletter Updates | March 2023
