Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to fix error with access token string?

jeffminkah20
Observer
‎07-20-2022 06:35 AM

Am trying to access Crowdstrike Intel endpoint where oauth2 token is needed. When I test asset connectivity, I get below error message which I believe is due to the length of the token string. How do I fix this error ?

ERROR MESSAGE

Using provided token to authenticate
Got error: 401
2 actions failed handle_action exception occurred. Error string: ''access_token''
Labels (1)
Labels
0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎07-21-2022 09:25 AM

@jeffminkah20 

What version of SOAR are you on and which app specifically are you using? CrowdStrike OAUTH? ANd what version of the app?

Are you definitely putting the correct items in the correct configuration parameters in the asset? I can't see them being too long as being the issue as they would be generated by CrowdStrike and they built the app. I have also seen many customers use this app with no issues setting up. 

If you are in version 5.x of SOAR then you can access the IDE by pressing the eye symbol to the right of the app and view the code and also run the "test connectivity" action where you should be able to see a bit more verbosity output in the window below.

The error seems to relate to the code trying to grab the `access_token` key from either the REST call response or from the local state file but without more verbosity in the error message I can't pin down the code section that is actually erroring, but i suspect it's the `_get_token` function which doesn't really have a lot of moving parts which is why i think maybe the auth items (client_id & client_secret) may be either incorrect or not allowed to generate a token on the CS side?

Validate all the configuration items, then look to use the IDE to see if you can get more verbosity. You can also clone it and add some debugging statements in to see what's being calculated and what isn't. The `access_string` key seems to relate to the constant CROWDSTRIKE_OAUTH_ACCESS_TOKEN_STRING.

0 Karma
Reply

jeffminkah20
Observer
‎07-21-2022 11:44 AM

Thanks for your response. Cloning the app and debugging helped fix the error.

0 Karma
Reply

jeffminkah20
Observer
‎07-21-2022 09:09 AM

Can I please get some response on this 

0 Karma
Reply
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...