All Apps and Add-ons

Why does Splunk Add-On for Tenable Locks Account

jscraig2006
Communicator

I am having an issue with the Splunk_TA_nessus app locking the service account in Security Center. I am on version 5.1.3. I can log into Secuirty Center with the service account with out issues, so I know the password is good.

2018-04-26 01:24:29,005 +0000 log_level=ERROR, pid=26830, tid=Thread-4, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Security Center Inputs" data="sc_vulnerability" server="Security Center"] Failed to index data
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data
self._do_safe_index()
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index
self._client = self._create_data_client()
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client
self._checkpoint_manager)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__
self._ckpt)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
return _do_job_one_time(all_conf_contents, task_config, ckpt)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 55, in _do_job_one_time
release_session=release_session)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/security_center.py", line 245, in get_security_center
sc.login(username, password)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/security_center.py", line 47, in login
result = self.perform_request('POST', 'token', data)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/security_center.py", line 164, in perform_request
self._error_check(response, result)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/security_center.py", line 213, in _error_check
result['error_msg'])
APIError: 'status=403, error_code=163, error_msg=Account locked.\n'

0 Karma
1 Solution

jscraig2006
Communicator

Look for additional app installation on other boxes.

View solution in original post

0 Karma

jscraig2006
Communicator

Look for additional app installation on other boxes.

0 Karma

jscraig2006
Communicator

Sometimes I answer my own questions.. Found the app also installed on a dev box with bad password!

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...