Splunk SOAR

Configuring App - Error - Missing required fields secrect,key

akg12106
New Member

Hi,
I am installing an App and fill out the required information under Asset Info and Asset settings. Under Asset settings, I enter the the correct username and API key that I get from the vendor portal. However, when I save the configuration, I get a message that pops up (right corner) that reads 'Missing required fields secrect,key'. I do not see any other required fields. Does anyone know what the error means or referencing?

Splunk phantom version 4.5.15922
App is a 3rd party vendor app.

Labels (2)
Tags (1)
0 Karma
1 Solution

phantom_mhike
SplunkTrust
SplunkTrust

I did not dig extensively into the issue you are seeing because that app code is 4 years old. The app version you can get from my.phantom.us right now is far more recent. I would also suggest following the advice in the release notes about deleting old assets and rebuilding them.

PassiveTotal Release Notes - Published by Phantom February 05, 2019

Version 1.2.36 - Released February 05, 2019
Compatibility changes for Phantom release 4.2

Version 1.2.28 - Released February 06, 2018
App action views and Logo updates

Version 1.2.25 - Released August 23, 2017
3.0 compatibility update release only

Version 1.2.23 - Released July 27, 2017
3.0 compatibility update release only

Version 1.2.22 - Released March 23, 2017
Minor error handling fix

Version 1.2.21 - Released December 12, 2016
NOTE: Existing PassiveTotal Assets must be deleted, and a new one must be created after installing this version.
The app has been rewritten to use the new PassiveTotal APIv2, their v1 API has been deprecated
Added "whois ip" and "whois domain" actions
Removed verify server certificate option, we now always validate the certificate

View solution in original post

0 Karma

phantom_mhike
SplunkTrust
SplunkTrust

I did not dig extensively into the issue you are seeing because that app code is 4 years old. The app version you can get from my.phantom.us right now is far more recent. I would also suggest following the advice in the release notes about deleting old assets and rebuilding them.

PassiveTotal Release Notes - Published by Phantom February 05, 2019

Version 1.2.36 - Released February 05, 2019
Compatibility changes for Phantom release 4.2

Version 1.2.28 - Released February 06, 2018
App action views and Logo updates

Version 1.2.25 - Released August 23, 2017
3.0 compatibility update release only

Version 1.2.23 - Released July 27, 2017
3.0 compatibility update release only

Version 1.2.22 - Released March 23, 2017
Minor error handling fix

Version 1.2.21 - Released December 12, 2016
NOTE: Existing PassiveTotal Assets must be deleted, and a new one must be created after installing this version.
The app has been rewritten to use the new PassiveTotal APIv2, their v1 API has been deprecated
Added "whois ip" and "whois domain" actions
Removed verify server certificate option, we now always validate the certificate

0 Karma

akg12106
New Member

Thanks for looking Mhike.
RiskIQ had provided the Github URL but I was able to get 1.2.36 installed successfully. I will continue with the 1.2.36 version. Thanks again for your help and time.

0 Karma

phantom_mhike
SplunkTrust
SplunkTrust

Can you provide the name of the app you are trying to set up? Its pretty hard to check out the problem without being able to look at the app itself.

0 Karma

akg12106
New Member

Hi Mhike,
The app is from RiskIQ and I got the app here, https://github.com/passivetotal/phantom_app.

Thanks

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...