Re: Splunk Phantom: On Phantom: Verify server's 'A... - Page 2

scc00 · ‎01-26-2021

I get this error when i attempt to add a server to the Splunk Phantom App on Splunk Enterprise. I have added the phantom role to the admin role within Splunk Enterprise. I have disabled SSL verification in case that was the issue. There is no network connectivity issues between the servers. But I am still getting this 400 error with no Text context. I also created a new automation user on the phantom side and applied updated SSL certificates and not there are no SSL errors. Has anyone seen this issue yet? I have it hosted in AWS on EC2 instances sharing the same security groups.

"There was an error adding the server configuration.
On Phantom: Verify server's 'Allowed IPs' and authorization configuration.

Status: 400
Text:"

scc00 · ‎01-27-2021

Thanks for responding @phanTom .

I have tried 'any', i've used the internal cidr, single IPs, nothing has worked thus far. It is in the same VPC with a 192.168.* private IP with no public IP. The SG allows all traffic between the private CIDR so there shouldn't be any issue there. How do i adjust the auth.json? I am new to Phantom and it does not allow me to modify it within the account i created.

What kind of red-herring are you thinking?

Splunk Phantom: On Phantom: Verify server's 'Allowed IPs' and authorization configuration.

configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Join the Conversation