Splunk Security Essential - MITRE ATT&CK Matrix

lorispiana
New Member

Hi all,

I just installed the security essential app on my Splunk but I'm having issues retrieving the MITRE matrix.

I get the following error: External search command 'mitremap' returned error code 1. Script output = "Error! "{""status"": ""ERROR"", ""description"": ""Error occurred reading enterprise-attack.json"", ""message"": ""'objects'""}" "

This error occurs both in the default dashboard for MITRE Framework but also if I try to use the command | mitremap in the search.

Does anyone have any suggestion to solve this?

Thank you in advance!

0 Karma

deepakc
Builder

From the error "Error occurred reading enterprise-attack.json"

Could it be that it can’t find the file or it's a permissions issue?

A few things to check:

  1. Verify Permissions (User/Role) access to the security essentials app.
  2. Verify if it was installed correctly with correct permissions (via GUI or copy to /opt/splunk/etc/apps/ folder with correct Splunk OS level permissions, assuming this was Linux based)
  3. Uninstall and re-install.

See how that goes first.

0 Karma
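
The file checks suggested above, extended with a content check, as an added example that is not from the thread or from the app's own code. It assumes the file is a STIX bundle whose top-level "objects" list holds the ATT&CK entries (the 'objects' in the error message is how Python renders a missing dictionary key). The location of enterprise-attack.json is not given in the thread, so the path is passed as an argument, and the sample files are constructed.

```python
import json
import os
import sys
import tempfile


def diagnose_attack_file(path):
    """Classify why a STIX bundle such as enterprise-attack.json cannot be used."""
    if not os.path.exists(path):
        return "missing", "file not found"
    if not os.access(path, os.R_OK):
        return "unreadable", "this OS user has no read permission"
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except ValueError as exc:  # empty file, HTML error page, truncated download
        return "not_json", f"{os.path.getsize(path)} bytes, not valid JSON: {exc}"
    # A parsed dict without this key is what makes data['objects'] raise KeyError.
    objs = data.get("objects") if isinstance(data, dict) else None
    if not isinstance(objs, list) or not objs:
        found = sorted(data) if isinstance(data, dict) else type(data).__name__
        return "no_objects", f"no usable top-level 'objects' list; found {found}"
    n = sum(1 for o in objs if isinstance(o, dict) and o.get("type") == "attack-pattern")
    return "ok", f"{len(objs)} STIX objects, {n} attack-pattern entries"


def demo():
    """Run the check over constructed sample files (not real ATT&CK data)."""
    samples = {
        "good.json": '{"type": "bundle", "objects": [{"type": "attack-pattern"}]}',
        "proxy_page.json": "<html>Access denied</html>",
        "error_body.json": '{"status": "ERROR"}',
        "empty.json": "",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            results[name] = diagnose_attack_file(path)[0]
        results["absent.json"] = diagnose_attack_file(os.path.join(tmp, "absent.json"))[0]
    return results


if __name__ == "__main__":
    # Pass a path to check a real file (run as the OS user that runs splunkd).
    print(diagnose_attack_file(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

A "not_json" or "no_objects" result means the file is present and readable but its content is not the expected bundle, which permissions changes alone will not fix.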