Getting Data In

SSL error with new version of nozomi addon

Aqibrehman1
Loves-to-Learn

Hi, I'm not able to integrate Splunk with Nozomi using the available app (Nozomi Networks Universal Add-on). On the other hand, I've tested the legacy add-on and receive the alerts/assets, but not with full info.

The server (Nozomi Guardian) is self-signed.

After configuring the latest version and setting up the inputs for receiving alerts, assets, etc., there's no data being received in the index, and from the Splunk logs I see the following:

 

06-13-2024 21:23:01.529 +0200 ERROR ExecProcessor [3854374 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-nozomi-networks-universal-add-on/bin/universal_session.py" HTTPSConnectionPool(host='192.168.1.4', port=443): Max retries exceeded with url: /api/open/sign_in (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1106)')))

I thought the solution could be to just disable the SSL verification, but then why is the legacy add-on working fine while the new version is not? In case I need to disable SSL verification, I would like to know the right file and parameter.

 

Thank you,

 

0 Karma

deepakc
Builder

I suspect that they have made some changes to the TA add-on code and the Python script universal_session.py.

I would contact them directly and see if you can get any further information. Disabling comes with security risks, and is most likely done within the Python code. But I understand you have self-signed ones and should have options, so seeking their advice might be the best course of action; hopefully they can get the TA developer to give you further help.

 support@nozominetworks.com 

 

0 Karma
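As an added example (not part of the thread and not the add-on's own code), the following triages `ExecProcessor` lines of the shape quoted in the question, extracting the failing endpoint and mapping the verification reason to a fix that keeps certificate verification on. The names `triage` and `REMEDIATION` are hypothetical, and the second sample line is constructed.

```python
import re

# Shape of the splunkd ExecProcessor line quoted in the question above.
LINE_RE = re.compile(
    r'message from "(?P<cmd>[^"]+)"\s+HTTPSConnectionPool\('
    r"host='(?P<host>[^']+)', port=(?P<port>\d+)\).*?"
    r"with url: (?P<path>\S+).*?"
    r"certificate verify failed: (?P<reason>.+?) \(_ssl\.c:\d+\)")

# Reason -> fix that keeps verification on; chain variant must precede leaf.
REMEDIATION = [
    (r"self[- ]signed certificate in certificate chain",
     "trust the private root CA that issued the server certificate"),
    (r"self[- ]signed certificate",
     "add the server's own certificate to the client trust bundle"),
    (r"unable to get local issuer certificate",
     "add the missing issuing CA to the client trust bundle"),
    (r"certificate has expired", "renew the server certificate"),
    (r"(Hostname|IP address) mismatch",
     "reissue the certificate with a matching subjectAltName"),
]

def triage(line):
    """Describe one TLS verification failure, or return None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    reason = m.group("reason")
    action = next((fix for rx, fix in REMEDIATION if re.search(rx, reason)),
                  "unclassified: review the reason manually")
    return {"script": m.group("cmd").split()[-1].rsplit("/", 1)[-1],
            "host": m.group("host"), "port": int(m.group("port")),
            "path": m.group("path"), "reason": reason, "action": action}

# First entry reproduces the line from the question; the second is constructed.
_HEAD = ('ERROR ExecProcessor [3854374 ExecProcessor] - message from '
         '"/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/'
         'TA-nozomi-networks-universal-add-on/bin/universal_session.py" ')
_ERR = ("HTTPSConnectionPool(host='{h}', port=443): Max retries exceeded "
        "with url: /api/open/sign_in (Caused by SSLError("
        "SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] "
        "certificate verify failed: {r} (_ssl.c:1106)')))")
SAMPLE_LOG = [
    "06-13-2024 21:23:01.529 +0200 " + _HEAD
    + _ERR.format(h="192.168.1.4", r="self signed certificate"),
    "06-13-2024 21:25:01.100 +0200 " + _HEAD
    + _ERR.format(h="guardian.example", r="certificate has expired"),
]
for entry in filter(None, map(triage, SAMPLE_LOG)):
    print(entry["host"], entry["reason"], "->", entry["action"])
```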