I am trying to configure the CB Response App for Splunk version 2.0.4 on Splunk 6.3.8.
https://splunkbase.splunk.com/app/3336/#/details
When I go through the documentation, I am missing a "Setup" action listed in Step 3 of "To configure the Cb Response app for Splunk to connect to your Cb Response server:"
Does anyone know why this link may be missing? Having trouble configuring the app without it.
There may be an issue with how the setup is handled for older versions of Splunk (< 6.4). The new setup screen is generated by Splunk Add-On Builder 2.0, and I believe that setup screen is only compatible with Splunk 6.4 and above. I will double check with my Splunk contacts on this question.
You may be able to access the setup page directly, can you access the URL /en-US/app/DA-ESS-CbResponse/setup_page?action=edit on your Splunk server?
Thanks
- Jason
There may be an issue with how the setup is handled for older versions of Splunk (< 6.4). The new setup screen is generated by Splunk Add-On Builder 2.0, and I believe that setup screen is only compatible with Splunk 6.4 and above. I will double check with my Splunk contacts on this question.
You may be able to access the setup page directly, can you access the URL /en-US/app/DA-ESS-CbResponse/setup_page?action=edit on your Splunk server?
Thanks
- Jason
I realize this is old, but I have this exact same issue with Splunk 7.1.2 and CB Response 2.1.2. I had no issue installing CB Defense in Splunk.
I have tried http://localhost:8000/en-US/app/DA-ESS-CbResponse?setup=1 and it goes right to the dashboard configuration. I haven't been able to define the API token and URL.
Should anyone else have this problem and stumble upon this question…
It turns out that moving to a remote system instead of running from the server allowed the setup page to appear. I do not know if it was a browser (Internet Explorer) restriction on the server or if host headers came into play when reaching the page from another system, but this resolved the issue in my case.
Thank you Jason. Accessing that page directly was a successful workaround for pre 6.4.