Proofpoint TAP Modular Input App: ERROR ExecProces...

Viaris · ‎11-30-2018

Hi all,
after installing the "Proofpoint TAP Modular Input", there is the following error in: _internal splunkd proofpoint_tap_siem.py

11-30-2018 15:51:44.512 +0100 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\TA-Proofpoint-TAP\bin\proofpoint_tap_siem.py"" proofpoint_tap_siem://proofpoint_stanza_tap: stream_events/proofpoint_tap_siem://proofpoint_stanza_tap: An error occurred updating credentials. Please ensure your user account has admin_all_objects and/or list_storage_passwords capabilities. Details: 'No such entity proofpoint_tap_siem_proofpoint_stanza_tap_********%5Csplunkproxy%3A'

i use admin account with enabled "admin_all_objects and/or list_storage_passwords". Any idea?
Thanks!

dkeck · ‎12-05-2018

Hi,

no idea about the proof point TA, but its stated in the docs that Splunk CIM Add-on is required, so just a thought, did you install the CIM add on?

Might want to check out this as well: https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/SIEM_API

From this older post: https://answers.splunk.com/answers/578344/proofpoint-tap-modular-input-app-admin-all-objects.html it seems to be a genral issue, you could try to connect support@proofpoint.com.

Viaris · ‎12-06-2018

Hi dkeck, thanks for the answer.
i think the issue could be related to this part:
"Details: 'No such entity proofpoint_tap_siem_proofpoint_stanza_tap_%5Csplunkproxy%3A'"
i can't find what should be the "entity"

hijacob · ‎12-05-2018

Wich version of splunk and the app do you use?

Proofpoint TAP Modular Input App: ERROR ExecProcessor

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms