Splunk Integration with Resilient

k-aravind · ‎08-03-2020

I am getting the following error while splunk tries to raise an alert as a Resilient Incident.

__main__ - ERROR - Alert action failed to create Resilient incident!

If anyone else has run into a similar problem, it would be of great help if you shared the steps taken to resolve it. Or help me by pointing in a direction in which I can focus my troubleshooting

richgalloway · ‎08-03-2020

Could you please say more about how you are trying to raise an alert as a Resilient incident? What app are you using? Is there anything in splunkd.log related to the alert?

---
If this reply helps you, Karma would be appreciated.

k-aravind · ‎08-03-2020

Hi,

I am using the default alert that comes with the Application. I am using the Resilient Integration for Splunk App from Splunkbase.

__main__ - ERROR - Alert action failed to create Resilient incident!

This is the error I find in the Logs.

ERROR sendmodalert - action=resilient STDERR - InsecureRequestWarning)

This is also an error which might be relevant. I have kept the option for verifying certificate as false. If there are other measures to be set in place to override the certificate verification if that is indeed causing the application to fail. Since it is a test environment we don;t have any CA certified certificates.

Splunk Integration with Resilient

administration

configuration

installation

troubleshooting

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout