Splunk Phantom
Highlighted

invalid token error while communicating through rest API with phantom using splunk

New Member
0 Karma
Highlighted

Re: invalid token error while communicating through rest API with phantom using splunk

New Member

can anyone here to help me in this regard ?

0 Karma
Highlighted

Re: invalid token error while communicating through rest API with phantom using splunk

Splunk Employee
Splunk Employee

Can you provide more details on what configuration you have set on both sides? Also have you checked out: https://my.phantom.us/4.5/docs/admin/splunk ?

0 Karma
Highlighted

Re: invalid token error while communicating through rest API with phantom using splunk

New Member

thanks i solved my issue

0 Karma
Highlighted

Re: invalid token error while communicating through rest API with phantom using splunk

Splunk Employee
Splunk Employee

Would you be able to post the details of your fix in case anyone else runs across the same problem?

0 Karma
Highlighted

Re: invalid token error while communicating through rest API with phantom using splunk

Splunk Employee
Splunk Employee

Areas to check:

  1. Automation user on the Phantom side used for the Splunk integration - check the "Allowed IPs" config, this needs to allow for the Splunk search head to communicate with the Phantom host to create new containers/artifacts via the Forwarding Config
  2. Make sure you're entering the entire 'ph-auth-token' value on the Phantom Server Configuration
  3. Check the $splunk_home/var/log/splunk/phantom_configuration.log file for more details

Please post more information to aid in finding a fix.

0 Karma