All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

rapid7nexpose.py KeyError: 'session-id'

smitra_splunk
Splunk Employee
Splunk Employee
‎12-05-2017 05:16 PM

Hi,

I'm unable to get the modular input for downloading assets and vulnerabilities to connect to the Rapid7Nexpose instance.

Here are the errors I see in the _internal Execprocessor logs in Splunk.

12-06-2017 01:00:00.411 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py" KeyError: 'session-id'
12-06-2017 01:00:00.411 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "lxml.etree.pyx", line 2295, in lxml.etree._Attrib.__getitem__ (src/lxml/lxml.etree.c:59806)
12-06-2017 01:00:00.411 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.authtoken = response.attrib['session-id']
12-06-2017 01:00:00.411 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 39, in login
12-06-2017 01:00:00.411 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"     self.login()
12-06-2017 01:00:00.411 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-rapid7_nexpose/bin/rapid7nexpose.py"   File "/opt/splunk/etc/apps/TA-rapid7_nexpose/bin/api/pnexpose.py", line 33, in __init__

Could this be a login issue on the Nexpose server or is it something in Splunk ? I've checked the password.

Any hint/direction is highly appreciated.

Best Regards,
Shreedeep.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

damien_chillet
Builder
‎12-06-2017 02:31 AM

These error messages suggest that authentication against the Nexpose server was unsuccessful.

Unfortunately, there is not enough to say why.
If you are confident about your credentials/port/hostname, try to make sure there is no firewall blocking the connection.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

MikeElliott
Communicator
‎08-14-2020 04:45 AM

Posted 2020

I recently deployed this TA and experienced the same issue as in the OP's post.  There is a similarly related issue on Answers that states the error message changed when the OP pointed the TA at a scan engine instead of the management console - This was also true for me (changed to a timeout error).

We identified that the user account that was created for us on the Rapid7 asset was configured to force a password reset upon first login.  The repeated attempts were also causing account lockouts in the Rapid7 audit logs and was very telling as to the issue.

We disabled the inputs in the Rapid7 TA, reconfigured the user, updated the TA's account configuration and then re-enabled the inputs.  We were able to confirm successful configuration almost instantly.

I hope this is helpful for others experiencing the same/similar issues.

0 Karma
Reply
Solved! Jump to solution
Solution

damien_chillet
Builder
‎12-06-2017 02:31 AM

These error messages suggest that authentication against the Nexpose server was unsuccessful.

Unfortunately, there is not enough to say why.
If you are confident about your credentials/port/hostname, try to make sure there is no firewall blocking the connection.

0 Karma
Reply
Solved! Jump to solution

smitra_splunk
Splunk Employee
Splunk Employee
‎12-08-2017 10:30 AM

We pointed to a different Nexpose server/instance/hostname and it worked using the same AD userid/password. There was something wrong within the original Nexpose server as it wouldn't allow us to log in on it's web UI too.

I'm marking your answer as accepted.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...