
Some problems with TA_Demisto configuration

jackson_storm
Explorer

Hi all, I have some problems with TA-Demisto for Splunk configuration.

On the Demisto Setup Page, when I configure the Demisto Host Name/IP Address and API key and then click the Save button, I see an error message.

Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/TA-Demisto/demisto/demistocustomendpoint/demistoenv

The Splunk instance works on Amazon EC2 and the Demisto instance works on EC2 too. These two instances are located in one VPC (one network), so I prefer to build communication using their local IP addresses.

Log message

2018-02-22 11:40:51,394 - DEMISTOSETUP - INFO - Auth key found
2018-02-22 11:40:51,396 - DEMISTOALERT - INFO - Using default value for verify= True
2018-02-22 11:40:51,433 - DEMISTOSETUP - ERROR - Exception while createing Test incident
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_setup.py", line 104, in handleEdit
    verify_cert = True)
  File "/opt/splunk/etc/apps/TA-Demisto/bin/demisto_alert.py", line 217, in validate_token
    r = requests.get(url = url, verify = True,allow_redirects = True, headers = headers)
  File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 55, in get
    return request('get', url, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 456, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/sessions.py", line 559, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/lib/python2.7/site-packages/requests/adapters.py", line 382, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:603)

Demisto can successfully connect to Splunk using SplunkPy in Settings-Integrations.
But Splunk can't connect to Splunk.
Security groups are configured well, so these instances can communicate with each other.

1 Solution

kamlesh_vaghela
SplunkTrust

Hi @jackson_storm,

You are configuring using the local IP, but is this instance using a self-signed certificate? If yes, then you must configure the Demisto app using the host name provided in the self-signed certificate.

Thanks

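The check the accepted answer describes, as an added example that is not part of the original thread or of TA-Demisto: it compares the host name or IP entered on the setup page with the names in the server certificate, and fetches that certificate with verification still on by trusting the certificate file explicitly. The sample certificate, the address 10.0.1.25, the name demisto.internal.example and all helper names are constructed for illustration.

```python
import ipaddress
import socket
import ssl

# Constructed sample in the dict format ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "demisto.internal.example"),),),
    "subjectAltName": (("DNS", "demisto.internal.example"),),
}

def fetch_cert(host, port, cafile):
    """Fetch the peer certificate as a dict, trusting only `cafile`
    (for a self-signed server, the server certificate itself in PEM)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified; names are checked below
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def dns_match(pattern, host):
    """Exact match, or '*' standing for the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or p[1:] != h[1:]:
        return False
    return p[0] == h[0] or (p[0] == "*" and len(p) > 2)

def name_check(cert, target):
    """Return (ok, names) for the host name or IP entered on the setup page."""
    sans = cert.get("subjectAltName", ())
    dns = [v for k, v in sans if k == "DNS"]
    ips = [v for k, v in sans if k == "IP Address"]
    if not dns:  # older clients fall back to the subject commonName
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:  # target is a host name, not an IP literal
        return any(dns_match(p, target) for p in dns), dns + ips
    return any(ipaddress.ip_address(i) == addr for i in ips), dns + ips

if __name__ == "__main__":
    for target in ("10.0.1.25", "demisto.internal.example"):
        print(target, name_check(SAMPLE_CERT, target))
```

A private IP passes only if the certificate lists it as an IP Address entry in subjectAltName; otherwise use one of the returned names on the setup page.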

ewitkop
New Member

I get the following error.

[root@ip-192-168-45-70 demisto]# curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

<msg type="ERROR">Unauthorized</msg>

richgalloway
SplunkTrust

This question is nearly two years old with an accepted answer. Please post a new question describing your problem.

---
If this reply helps you, Karma would be appreciated.

206103593
Engager

I ran into the same problem and had to disable CERT validation with the following command.

curl -ku 'username:password' https://localhost:8089/servicesNS/nobody/TA-Demisto/configs/conf-demistosetup/demistoenv/ -d VALIDATE_SSL=false

ahartge
Path Finder

Thanks - this worked for me!


amat
Explorer

@jackson_storm Were you able to get an update on the fix? I am facing the same issue.

Thanks!



rajmcse04
Engager

Hi,

We are also facing the same problem and we don't have a self-signed certificate. In that case, what do we need to do?
