Phantom playbook

brunofernandez · ‎02-14-2019

I am able to run an action (whois ip from whois app) successfuly.
However, if i put this action as part of a playbook, when running the playbook I am getting this error message:

Cannot execute the playbook. Failed to get user session token for the effective user id: 1

Getting the same result if run with that automation user or as current user (me).

Cant find anything helpful in phantom documentation...

cblumer_splunk · ‎08-30-2019

This issue has been fixed in the most recent v4.5 GA Release. Please upgrade to resolve the problem.

Here's the Upgrade KB including the steps needed for upgrading your Phantom instance:
https://my.phantom.us/kb/5/

rsantoso_splunk · ‎03-18-2019

Hi Brunofernandez,

The error message “Failed to get user session token for the effective user id:” indicates a known issue.
It should be resolved in Phantom 3.5.210. Which phantom version that you are running?

shansp01 · ‎06-14-2021

hi i am running unprev version 4.10 and i still see the above error.

Cannot execute the playbook. Failed to get user session token for the effective user id: 1

it happens for admin as well as other users

is there a setting that needs to be tweaked

Thanks

brunofernandez · ‎03-19-2019

Thank you for the answer rsantoso. Much appreciated. Unfortunately I have that exact version, i.e. version 3.5.210. May try to upgrade to a newer version...

rsantoso_splunk · ‎03-19-2019

No problem Bruno, please let us know the result after the upgrade.

Phantom playbook

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application