Splunk SOAR

Invalid token in Splunk app for SOAR, yet tokens are the same

schimpanze
Engager

Hello community,

I have come across the issue when I got identical token generated for SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR.

When I run "test connectivity" command on the SOAR Server Configuration, it responded with "Authentication Failed: Invalid token".

I have just regenerated the token and everything works like a charm.

Have you ever encountered such issue?

0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

 

It will be on the Known Issues page of the release version you have if you want to check. 

View solution in original post

Tags (1)

phanTom
SplunkTrust
SplunkTrust

Yes the latest version definitely fixes this and AFAIK is a good, stable version too with lots of other bug fixes.

0 Karma

schimpanze
Engager

@phanTom we are running version 6.0.0.114895 so basically we fit the scope of the Known issue you are referring to. It is good to know that this page exists, I had no idea so far. Thank you!

It seems that upgrading to the latest release 6.1.1 would do the trick and get us rid of this 30d rotation, don't you think?

0 Karma

phanTom
SplunkTrust
SplunkTrust

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

 

It will be on the Known Issues page of the release version you have if you want to check. 

Tags (1)
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...