Splunk SOAR
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to fix error with access token string?

jeffminkah20
Observer
‎07-20-2022 06:35 AM

Am trying to access Crowdstrike Intel endpoint where oauth2 token is needed. When I test asset connectivity, I get below error message which I believe is due to the length of the token string. How do I fix this error ?

ERROR MESSAGE

Using provided token to authenticate
Got error: 401
2 actions failed handle_action exception occurred. Error string: ''access_token''
Labels (1)
Labels
0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎07-21-2022 09:25 AM

@jeffminkah20 

What version of SOAR are you on and which app specifically are you using? CrowdStrike OAUTH? ANd what version of the app?

Are you definitely putting the correct items in the correct configuration parameters in the asset? I can't see them being too long as being the issue as they would be generated by CrowdStrike and they built the app. I have also seen many customers use this app with no issues setting up. 

If you are in version 5.x of SOAR then you can access the IDE by pressing the eye symbol to the right of the app and view the code and also run the "test connectivity" action where you should be able to see a bit more verbosity output in the window below.

The error seems to relate to the code trying to grab the `access_token` key from either the REST call response or from the local state file but without more verbosity in the error message I can't pin down the code section that is actually erroring, but i suspect it's the `_get_token` function which doesn't really have a lot of moving parts which is why i think maybe the auth items (client_id & client_secret) may be either incorrect or not allowed to generate a token on the CS side?

Validate all the configuration items, then look to use the IDE to see if you can get more verbosity. You can also clone it and add some debugging statements in to see what's being calculated and what isn't. The `access_string` key seems to relate to the constant CROWDSTRIKE_OAUTH_ACCESS_TOKEN_STRING.

0 Karma
Reply

jeffminkah20
Observer
‎07-21-2022 11:44 AM

Thanks for your response. Cloning the app and debugging helped fix the error.

0 Karma
Reply

jeffminkah20
Observer
‎07-21-2022 09:09 AM

Can I please get some response on this 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...