Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

installation using rpm - authorization

kwells0479
Explorer
‎02-12-2020 06:39 PM

We have been working on getting an installation of phantom running in a centos:7 docker container using rpm, but are experiencing some issues around authentication following the steps outlined here:

https://docs.splunk.com/Documentation/Phantom/4.8/Install/InstallRPM

We cannot authenticate when running the install script, in the docker container or even locally. Our team has taken a look at phantom_setup.sh and have tried passing our splunk phantom community credentials in simple requests to the phantom repo, for example: wget https://USER:PW@repo.phantom.us/phantom/4.8/product/x86_64/repodata/repomd.xml (this example is just a test to confirm), but all tests have resulted in failed authentication. Is anyone else experiencing this issue?

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kwells0479
Explorer
‎02-13-2020 12:56 PM

After back and forth trying to verify, this morning we realized there seems to have been a bug with the phantom community login authentication. Yesterday Both myself and another developer were able to login to https://my.phantom.us/ with the user id used to log into: https://login.splunk.com. This morning we tried the same process and were prompted to login using our associated email account for the login user. This bug confused as about which set of credentials we were supposed to be using, hopefully it was fixed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kwells0479
Explorer
‎02-13-2020 12:56 PM

After back and forth trying to verify, this morning we realized there seems to have been a bug with the phantom community login authentication. Yesterday Both myself and another developer were able to login to https://my.phantom.us/ with the user id used to log into: https://login.splunk.com. This morning we tried the same process and were prompted to login using our associated email account for the login user. This bug confused as about which set of credentials we were supposed to be using, hopefully it was fixed.

0 Karma
Reply
Solved! Jump to solution

vikramyadav
Contributor
‎02-13-2020 09:26 AM

Refer this
https://my.phantom.us/4.6/docs/installation/rpm#InstallFromRPM

0 Karma
Reply
Solved! Jump to solution

kwells0479
Explorer
‎02-13-2020 09:46 AM

As stated above, we have been following that documentation:

https://docs.splunk.com/Documentation/Phantom/4.8/Install/InstallRPM

Only for version 4.8. Do you believe this issue is version specific?

0 Karma
Reply
Solved! Jump to solution

vikramyadav
Contributor
‎02-13-2020 09:49 AM

Yeah. It might be a version. Because I also had install phantom in my organization and I was successfully able to install. Try to install an older version.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...