Splunk Add-on for Demisto only sends as admin?

tkw03
Communicator

We have the Splunk Add-on for Demisto set up in our environment. It works as long as the saved search being sent to Demisto is created or owned by admin or users who have the admin capability. It does not work for any other user.

I imagine it's a permissions issue somewhere in the app, maybe the password? Just not sure exactly where the permissions need to be updated.

Thanks!

0 Karma

tkw03
Communicator

The cause was a capability that was not part of any account by default other than the admin.
Added to our service account and working as expected.

0 Karma

diegomssilva
Observer

Which capability did you add? @tkw03

0 Karma

gordo32
Communicator

I had the exact same error with the ServiceNow add-on (which uses a script to inject incident tickets into SNow). The permission I had to grant was "list_storage_passwords". I believe, because the script is being run as the user who created the alert, the user must be able to read the credentials from storage, and pass these to the python script.

JJ_Yam
Explorer

Thank you for this answer! I had this exact issue where my ServiceNow Event Integration didn't work and the _internal index kept showing the "User does not have permissions" signature. Adding the "list_storage_passwords" capability works!

0 Karma
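The capability named above, `list_storage_passwords`, lets a role read stored credentials through Splunk's storage/passwords REST endpoint, so after granting it to a service account it is worth checking which roles end up holding it, including through `importRoles` inheritance. The following is an added example, not code from this thread or from either add-on: it parses a constructed authorize.conf (role names other than admin, power and user are hypothetical) and assumes the input is the merged configuration, for instance the output of `splunk btool authorize list`.

```python
import configparser

# Constructed sample authorize.conf; svc_alert_actions and soc_lead are hypothetical roles.
SAMPLE_AUTHORIZE_CONF = """
[role_admin]
importRoles = power;user
list_storage_passwords = enabled

[role_power]
importRoles = user

[role_user]
search = enabled

[role_svc_alert_actions]
importRoles = user
list_storage_passwords = enabled

[role_soc_lead]
importRoles = svc_alert_actions
"""

def roles_with_capability(conf_text, capability="list_storage_passwords"):
    """Return sorted role names holding `capability` directly or via importRoles."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as written in the file
    parser.read_string(conf_text)
    roles = {s[len("role_"):]: parser[s]
             for s in parser.sections() if s.startswith("role_")}

    def holds(role, seen):
        if role not in roles or role in seen:  # unknown role or import cycle
            return False
        seen.add(role)
        # Simplification: only an explicit "= enabled" counts as a grant.
        if roles[role].get(capability, "").strip().lower() == "enabled":
            return True
        imported = roles[role].get("importRoles", "")
        return any(holds(r.strip(), seen) for r in imported.split(";") if r.strip())

    return sorted(r for r in roles if holds(r, set()))

if __name__ == "__main__":
    for role in roles_with_capability(SAMPLE_AUTHORIZE_CONF):
        print(role)
```

In the sample, `soc_lead` never lists the capability itself but inherits it from the service-account role, which is the case a review of the grant should catch.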

spns
New Member

Hi tkw03,

Can you describe what you have done? I have upgraded Demisto Add On version 3.0.2, and when I checked the /opt/splunk/var/log/splunk/create_xsoar_incident_modalert.log file there is an error log which says "signature="User does not have permissions". The configuration does not have any user requirement. So what actually is this user? I'm also using the admin account while creating searches.

0 Karma
