Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to fix error with access token string?

jeffminkah20
Observer
‎07-20-2022 06:35 AM

Am trying to access Crowdstrike Intel endpoint where oauth2 token is needed. When I test asset connectivity, I get below error message which I believe is due to the length of the token string. How do I fix this error ?

ERROR MESSAGE

Using provided token to authenticate
Got error: 401
2 actions failed handle_action exception occurred. Error string: ''access_token''
Labels (1)
Labels
0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎07-21-2022 09:25 AM

@jeffminkah20 

What version of SOAR are you on and which app specifically are you using? CrowdStrike OAUTH? ANd what version of the app?

Are you definitely putting the correct items in the correct configuration parameters in the asset? I can't see them being too long as being the issue as they would be generated by CrowdStrike and they built the app. I have also seen many customers use this app with no issues setting up. 

If you are in version 5.x of SOAR then you can access the IDE by pressing the eye symbol to the right of the app and view the code and also run the "test connectivity" action where you should be able to see a bit more verbosity output in the window below.

The error seems to relate to the code trying to grab the `access_token` key from either the REST call response or from the local state file but without more verbosity in the error message I can't pin down the code section that is actually erroring, but i suspect it's the `_get_token` function which doesn't really have a lot of moving parts which is why i think maybe the auth items (client_id & client_secret) may be either incorrect or not allowed to generate a token on the CS side?

Validate all the configuration items, then look to use the IDE to see if you can get more verbosity. You can also clone it and add some debugging statements in to see what's being calculated and what isn't. The `access_string` key seems to relate to the constant CROWDSTRIKE_OAUTH_ACCESS_TOKEN_STRING.

0 Karma
Reply

jeffminkah20
Observer
‎07-21-2022 11:44 AM

Thanks for your response. Cloning the app and debugging helped fix the error.

0 Karma
Reply

jeffminkah20
Observer
‎07-21-2022 09:09 AM

Can I please get some response on this 

0 Karma
Reply
Get Updates on the Splunk Community!

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2025 SplunkTrust is officially open! If you ...

Splunk Answers Content Calendar, June Edition II

Get ready to dive into Splunk Dashboard panels this week! We'll be tackling common questions around ...

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...
Top