Splunk SOAR (f.k.a. Phantom)

Reversing Labb Testing Connectivity Failed

johnteo
Explorer

Hi all, my attempt to set up reversing labs app in Splunk Phantom has run into an error.

It says:
Connectivity test failed. Please check your credentials or the network connectivity. HTTP status_code: 401, reason; UNAUTHORIZED. https://ticloud-aws1-api.reversinglabs.com/api/databrowser/malware_presence/bulk_query/json?extended.... No action executions found.

How do I troubleshoot and resolve this error?

Labels (1)
Tags (1)
0 Karma
1 Solution

phantom_mhike
Path Finder

This error suggests that either you are not a reversinglabs customer or your credentials have been input incorrectly in the phantom asset. The test connectivity function simply reaches out to the reversinglabs service and tests the credentials you used and yours returned a 401 unauthorized response. If you are already a reversing labs customer, make sure your credentials work outside of phantom and then try adding them to the asset again. If that doesnt work, you will need to resolve the access issue with reversinglabs. If you arent a reversinglabs customer, then this particular integration isnt going to work for you.

View solution in original post

phantom_mhike
Path Finder

This error suggests that either you are not a reversinglabs customer or your credentials have been input incorrectly in the phantom asset. The test connectivity function simply reaches out to the reversinglabs service and tests the credentials you used and yours returned a 401 unauthorized response. If you are already a reversing labs customer, make sure your credentials work outside of phantom and then try adding them to the asset again. If that doesnt work, you will need to resolve the access issue with reversinglabs. If you arent a reversinglabs customer, then this particular integration isnt going to work for you.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...