- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ERROR PasswordHandler - Decrypted password from stanza=credential::127.0.0.1\\Administrator: is not utf8, skipping
When attempting to SendAlert to trigger action from our Malwarebytes Splunk App. I receive the following Error in Splunkd log "ERROR PasswordHandler - Decrypted password from stanza=credential::127.0.0.1\Administrator: is not utf8, skipping". In the mbbr_python log, I receive the following Error, "05/02/19 22:42:55 dest_ip=172.16.207.125 message="password extracted for the username:127.0.0.1\Administrator"
05/02/19 22:42:55 title="error: unable to extract credentials"message="'clear_password'"
Any ideas on why?? Thanks in advance..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
seems like your password was not encrypted correctly. Did you put in the same app itself?
(Or may be bug in the app)
Have a try by removing from all apps, and putting the same stanza in same app within $SPLUNK_HOME/etc/system/local/<config_file>.conf
Restart Splunk and see if it fixes
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your suggestions. I will test your recommendation and update on results. Yes, I did install the application and was prepared to perform a total reinstallation of my Splunk instance. But was afraid I might have some issues with reuse of developers license in rebuild Splunk instance. Results coming..
