Hi all,
I just installed the Security Essentials app on my Splunk, but I'm having issues retrieving the MITRE matrix.
I get the following error: External search command 'mitremap' returned error code 1. Script output = "Error! "{""status"": ""ERROR"", ""description"": ""Error occurred reading enterprise-attack.json"", ""message"": ""'objects'""}" "
This error occurs both in the default dashboard for MITRE Framework and if I try to use the command | mitremap in the search.
Does anyone have any suggestion to solve this?
Thank you in advance!
I have the same issue. We use Splunk Cloud, and the permissions are fine. I did not uninstall and reinstall, as I'm not sure of the full ramifications of that.
I don't know if it's related or not, but I noticed it after I installed the latest version from Splunkbase.
I created a support ticket, and they confirmed that this is a bug that will be fixed in the next release of SSE. However, they could not provide a date for the update and recommended that I downgrade back to 3.7.1. I did so and that worked. I've asked that they update the "Known Issues" list with this bug info.
@lorispiana Did you resolve this issue? I am facing the same problem. Can you please let me know? Thank you.
From the error "Error occurred reading enterprise-attack.json"
Could it be that it can’t find the file or it's a permissions issue?
A few things to check:
See how that goes first.
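An added example, not part of the thread or of Splunk Security Essentials: a standalone check that separates the causes suggested above (file missing or unreadable) from a file that is present but is not a complete ATT&CK STIX bundle. It assumes the `'objects'` message in the error refers to the bundle's top-level `objects` array; the file path is supplied by the reader, and the function and status names are hypothetical.

```python
import json
import os
import sys
import tempfile


def diagnose_bundle(path):
    """Return a short status code saying why an ATT&CK STIX bundle cannot be used."""
    if not os.path.isfile(path):
        return "missing"            # wrong path, or the file was never written
    if not os.access(path, os.R_OK):
        return "unreadable"         # permissions problem for the current user
    if os.path.getsize(path) == 0:
        return "empty"              # e.g. an interrupted write
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (json.JSONDecodeError, UnicodeDecodeError):
        return "invalid-json"       # truncated file or a non-JSON page saved in its place
    # A STIX bundle is a JSON object with a top-level "objects" array.
    # Assumption: code that indexes data["objects"] on anything else fails
    # with a message like the "'objects'" seen in the error above.
    if not isinstance(data, dict) or "objects" not in data:
        return "no-objects-key"
    if not isinstance(data["objects"], list) or not data["objects"]:
        return "objects-empty"
    return "ok"


def write_sample(text):
    """Write constructed sample content to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    return path


if __name__ == "__main__":
    # The location of the app's enterprise-attack.json is not given in the
    # thread, so it is passed in on the command line.
    if len(sys.argv) > 1:
        print(diagnose_bundle(sys.argv[1]))
    else:
        print("usage: check_bundle.py <path-to-enterprise-attack.json>")
```

A result of `no-objects-key` or `invalid-json` points at the file's content rather than at its location or permissions.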