When using the sensorsearch command included as part of the VMware Carbon Black EDR On-Prem App I get a Python ValueError and only a small number or no results (depending on the query).
For example, the following query for all sensor information:
| sensorsearch
Which should return details of all sensors, instead returns details on between 5-20 sensors and the following stack trace:
Error: error searching for None in Cb Response: invalid literal for int() with base 10: ''
stacktrace: Traceback (most recent call last):
File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 120, in transform
yield self.generate_result(result)
File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\sensor_search.py", line 63, in generate_result
result = super(SensorSearchCommand, self).generate_result(data)
File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 103, in generate_result
rawdata = dict((field_name, getattr(data, field_name, "")) for field_name in self.field_names)
File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 103, in <genexpr>
rawdata = dict((field_name, getattr(data, field_name, "")) for field_name in self.field_names)
File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbapi\models.py", line 101, in __get__
return coerce_type(value)
ValueError: invalid literal for int() with base 10: ''Testing the API directly via curl using the same API key returns the expected results.
The app is installed on a search head running Splunk v7.2.5.1 on Windows Server 2016.
Version information:
- Splunk: v7.2.5.1 on Windows Server 2016
- VMware Carbon Black EDR On-Prem App: 2.1.4
- Carbon Black Response/EDR on prem server version: 7.4.1
Any help greatly appreciated.
