Solved: Invalid token in Splunk app for SOAR, yet tokens a...

schimpanze · ‎10-13-2023

Hello community,

I have come across the issue when I got identical token generated for SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR.

When I run "test connectivity" command on the SOAR Server Configuration, it responded with "Authentication Failed: Invalid token".

I have just regenerated the token and everything works like a charm.

Have you ever encountered such issue?

phanTom · ‎10-13-2023

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

It will be on the Known Issues page of the release version you have if you want to check.

View solution in original post

phanTom · ‎10-13-2023

Yes the latest version definitely fixes this and AFAIK is a good, stable version too with lots of other bug fixes.

schimpanze · ‎10-13-2023

@phanTom we are running version 6.0.0.114895 so basically we fit the scope of the Known issue you are referring to. It is good to know that this page exists, I had no idea so far. Thank you!

It seems that upgrading to the latest release 6.1.1 would do the trick and get us rid of this 30d rotation, don't you think?

phanTom · ‎10-13-2023

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

It will be on the Known Issues page of the release version you have if you want to check.

Invalid token in Splunk app for SOAR, yet tokens are the same

administration

configuration

troubleshooting

using SOAR ⁄ Phantom

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?