Splunk SOAR

Invalid token in Splunk app for SOAR, yet tokens are the same

schimpanze
Engager

Hello community,

I have come across the issue when I got identical token generated for SOAR user "REST" that I am using for SIEM-SOAR integration and the same was in the Splunk app for SOAR.

When I run "test connectivity" command on the SOAR Server Configuration, it responded with "Authentication Failed: Invalid token".

I have just regenerated the token and everything works like a charm.

Have you ever encountered such issue?

0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

 

It will be on the Known Issues page of the release version you have if you want to check. 

View solution in original post

Tags (1)

phanTom
SplunkTrust
SplunkTrust

Yes the latest version definitely fixes this and AFAIK is a good, stable version too with lots of other bug fixes.

0 Karma

schimpanze
Engager

@phanTom we are running version 6.0.0.114895 so basically we fit the scope of the Known issue you are referring to. It is good to know that this page exists, I had no idea so far. Thank you!

It seems that upgrading to the latest release 6.1.1 would do the trick and get us rid of this 30d rotation, don't you think?

0 Karma

phanTom
SplunkTrust
SplunkTrust

@schimpanze what version are you on? IIRC there was a bug where automation tokens got auto rotated every 30 days, so you may have fell victim to this?

 

It will be on the Known Issues page of the release version you have if you want to check. 

Tags (1)
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...