Splunk SOAR

Invalid token in Splunk app for SOAR, yet tokens are the same

schimpanze
Engager

Hello community,

I have come across the issue when I got identical token generated for SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR.

When I run "test connectivity" command on the SOAR Server Configuration, it responded with "Authentication Failed: Invalid token".

I have just regenerated the token and everything works like a charm.

Have you ever encountered such issue?

0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

 

It will be on the Known Issues page of the release version you have if you want to check. 

View solution in original post

Tags (1)

phanTom
SplunkTrust
SplunkTrust

Yes the latest version definitely fixes this and AFAIK is a good, stable version too with lots of other bug fixes.

0 Karma

schimpanze
Engager

@phanTom we are running version 6.0.0.114895 so basically we fit the scope of the Known issue you are referring to. It is good to know that this page exists, I had no idea so far. Thank you!

It seems that upgrading to the latest release 6.1.1 would do the trick and get us rid of this 30d rotation, don't you think?

0 Karma

phanTom
SplunkTrust
SplunkTrust

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

 

It will be on the Known Issues page of the release version you have if you want to check. 

Tags (1)
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...