I am getting this error message when adding a phantom server using the new server configuration in the Phantom Add-on.
Phantom Failed to communicate with user "" on Phantom server . Error: Unhashable type: 'list'
I have managed to get the add-on working by installing a version 7 versions behind the current.
The Phantom user is setup as per documentation(and works on older version of installed app), my user has all the Phantom capabilities, and I have disabled cert validation.
I am on Splunk 8.1.2 and using the latest version of the Phantom Add-on.
Hey @jethrop my deployment is currently running into this issue. Were you ever able to come up with or find a fix?
You said you were able to get something working by dropping back 7 versions, would that be version 2.4.18??
After filing a case the solution was to change all cef fields with * as their data types to string datatype in the app
The app verifies the phantom server by making 2 REST calls to the phantom server
- /rest/cef
- /rest/cef_metadata
This error is indicating that there's a problem with the CEF field definitions, specifically the CEF fields configured in Phantom. You can check the entire list via https://<phantom>/rest/cef/ & https://<phantom>/rest/cef_metadata.
Look for something like a null field or a list within a list (not allowed). If you identify the problematic field, go to Admin > Admin Settings > CEF and remove the field in question and re-try the connection from the App.
List within a list Example (Bad):
"Example": {
"contains": [
["*"]
]
},
After filing a case the solution was to change all cef fields with * as their data types to string datatype in the app