ERROR PasswordHandler - Decrypted password from st...

ialislam · ‎05-03-2019

When attempting to SendAlert to trigger action from our Malwarebytes Splunk App. I receive the following Error in Splunkd log "ERROR PasswordHandler - Decrypted password from stanza=credential::127.0.0.1\Administrator: is not utf8, skipping". In the mbbr_python log, I receive the following Error, "05/02/19 22:42:55 dest_ip=172.16.207.125 message="password extracted for the username:127.0.0.1\Administrator"
05/02/19 22:42:55 title="error: unable to extract credentials"message="'clear_password'"

Any ideas on why?? Thanks in advance..

koshyk · ‎05-06-2019

seems like your password was not encrypted correctly. Did you put in the same app itself?
(Or may be bug in the app)
Have a try by removing from all apps, and putting the same stanza in same app within $SPLUNK_HOME/etc/system/local/<config_file>.conf

Restart Splunk and see if it fixes

ialislam · ‎05-06-2019

Thanks for your suggestions. I will test your recommendation and update on results. Yes, I did install the application and was prepared to perform a total reinstallation of my Splunk instance. But was afraid I might have some issues with reuse of developers license in rebuild Splunk instance. Results coming..

ERROR PasswordHandler - Decrypted password from stanza=credential::127.0.0.1\\Administrator: is not utf8, skipping

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?