All Apps and Add-ons

Security Essentials CIM Compliance Check error

BrendanCO
Path Finder

Hello. I've recently installed Security Essentials within my Spunk instance that is receiving Palo Alto, Cisco switch and Active Directory log files. I can see all the data just fine in each respective app. Each of their data models is accelerated. 

I've installed the CIM, accelerated the relevant data models, set up Security Essentials and then go to the CIM Compliance Check and I get the following error:

Error in 'sseidenrichment' command: External search command exited unexpectedly with non-zero error code 1

Thoughts?

 

Labels (1)
Tags (1)
0 Karma

_joe
Communicator

This ended up being a big within the app, resolved in Version 3.3.1


March 10, 2021
This is a small release with the following bugs fixed:
- Local search mapping mapped to wrong field when using Create New from Content Introspection
- Fixed a bug where the update would fail based on the data returned
- Modified the links to remediate a potential tabnabbing vulnerability
- Removed the Highcharts library
- Fixed a bug with the sseidenrichment command (Only affects Splunk 8.1)

0 Karma

_joe
Communicator

I am having a similar issue with any search using the sseidenrichment command. I wanted to additionally comment that, for me at least, this issue started when we upgraded from Splunk 8.0 to 8.1.2. I have not been able to identify a root cause yet. Is anyone else noticing a correlation between this issue and Splunk version 8.1?

0 Karma

BrendanCO
Path Finder

I know that there is a Python 3 upgrade we need to be sure we've addressed: 
https://docs.splunk.com/Documentation/Splunk/latest/Python3Migration/AboutMigration

 

0 Karma

Suirand1
Explorer

I am having the same situation with the same error message.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...