Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Security Essential - MITRE ATT&CK Matrix

lorispiana
New Member
‎05-02-2024 02:35 AM

HI all,

I just installed the security essential app on my splunk but i'm having issues retrieving the MITRE matrix.

I get the following error: External search command 'mitremap' returned error code 1. Script output = "Error! "{""status"": ""ERROR"", ""description"": ""Error occurred reading enterprise-attack.json"", ""message"": ""'objects'""}" "

This error occurs both in the default dashboard for MITRE Framework but also if i try to use the command | mitremap  in the search.

Does anyone have any suggestion to solve this?

Thank you in advance!

Labels (1)
Labels
0 Karma
Reply

deepakc
Builder
‎05-02-2024 05:29 AM

From the error "Error occurred reading enterprise-attack.json"

Could it be that it can’t find the file or it's a permissions issue?

A few things to check:

  1. Verify Permissions (User/Role) access to the security essentials app.
  2. Verify if it was installed correctly with correct permissions (via Gui or copy to /opt/splunk/etc/apps/ folder with correct splunk OS level permissions, assumiing this was linux based)
  3. Uninstall and re-install.

 

See how that goes first.

0 Karma
Reply
Get Updates on the Splunk Community!

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...

Adoption of Infrastructure Monitoring at Splunk

  Splunk's Growth Engineering team showcases one of their first Splunk product adoption-Splunk Infrastructure ...