All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is the script generating an error with Tripwire Add-On?

akshatj2
Path Finder
‎04-03-2018 06:51 AM

Hi

I have been trying to integrate FIM and SCM logs from tripwire 8.3.7 but the script is generating the exception below:

Exception: SOAP-ENV:ClientOnly the built-in administrator can access the SOAP API while in Common Criteria mode.

Even though the Admin privileges have been assigned to the user we still see the same error on Splunk.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

akshatj2
Path Finder
‎06-28-2018 08:52 AM

We found the issue, issue was on Tripwire End;

The Add-on requires complete Admin access to Tripwire Consoles.

you need to change the following entry in server.properties file on the tripwire:
tw.securityAuditLog.enabled=false

if set to true, this restricts all users except the Built-In Administrator for TE console from accessing the SOAP API

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

akshatj2
Path Finder
‎06-28-2018 08:52 AM

We found the issue, issue was on Tripwire End;

The Add-on requires complete Admin access to Tripwire Consoles.

you need to change the following entry in server.properties file on the tripwire:
tw.securityAuditLog.enabled=false

if set to true, this restricts all users except the Built-In Administrator for TE console from accessing the SOAP API

0 Karma
Reply
Solved! Jump to solution

ron_brown
Explorer
‎06-28-2018 09:56 AM

Perfect, that is exactly what I needed. Changed that and works like champ.

0 Karma
Reply
Solved! Jump to solution

ron_brown
Explorer
‎06-28-2018 08:45 AM

Has anyone found the answer to this? I've been struggling through the TE addon install, and finally have gotten to where I"m getting my assets into Splunk, but now I get this same error, and none of the data seems to be coming in. The addon instructions specifically say to create a separate user in TE for this purpose, which I have done and given it Administrator rights with all groups access as well. What is the reason for this error? Do we have to use the REST API instead of SOAP if we're not using the built-in TE admin account? Thanks.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...