Splunk Integration with Resilient

k-aravind · ‎08-03-2020

I am getting the following error while splunk tries to raise an alert as a Resilient Incident.

__main__ - ERROR - Alert action failed to create Resilient incident!

If anyone else has run into a similar problem, it would be of great help if you shared the steps taken to resolve it. Or help me by pointing in a direction in which I can focus my troubleshooting

richgalloway · ‎08-03-2020

Could you please say more about how you are trying to raise an alert as a Resilient incident? What app are you using? Is there anything in splunkd.log related to the alert?

---
If this reply helps you, Karma would be appreciated.

k-aravind · ‎08-03-2020

Hi,

I am using the default alert that comes with the Application. I am using the Resilient Integration for Splunk App from Splunkbase.

__main__ - ERROR - Alert action failed to create Resilient incident!

This is the error I find in the Logs.

ERROR sendmodalert - action=resilient STDERR - InsecureRequestWarning)

This is also an error which might be relevant. I have kept the option for verifying certificate as false. If there are other measures to be set in place to override the certificate verification if that is indeed causing the application to fail. Since it is a test environment we don;t have any CA certified certificates.

Splunk Integration with Resilient

administration

configuration

installation

troubleshooting

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

Splunk Integration with Resilient

administration

configuration

installation

troubleshooting

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)