Splunk Security Essential - MITRE ATT&CK Matrix
Hi all,
I just installed the Security Essentials app on my Splunk, but I'm having issues retrieving the MITRE matrix.
I get the following error: External search command 'mitremap' returned error code 1. Script output = "Error! "{""status"": ""ERROR"", ""description"": ""Error occurred reading enterprise-attack.json"", ""message"": ""'objects'""}" "
This error occurs both in the default dashboard for MITRE Framework and when I try to use the command | mitremap in the search.
Does anyone have any suggestion to solve this?
Thank you in advance!
I have the same issue. We use Splunk Cloud, and the permissions are fine. I did not uninstall and reinstall, as I'm not sure of the full ramifications of that.
I don't know if it's related or not, but I noticed it after I installed the latest version from Splunkbase.
I created a support ticket, and they confirmed that this is a bug that will be fixed in the next release of SSE. However, they could not provide a date for the update and recommended that I downgrade back to 3.7.1. I did so and that worked. I've asked that they update the "Known Issues" list with this bug info.
@lorispiana Did you resolve this issue? I am facing the same problem. Can you please let me know? Thank you.
From the error "Error occurred reading enterprise-attack.json"
Could it be that it can’t find the file or it's a permissions issue?
A few things to check:
- Verify Permissions (User/Role) access to the security essentials app.
- Verify that it was installed correctly with correct permissions (via the GUI or copied to the /opt/splunk/etc/apps/ folder with correct splunk OS-level permissions, assuming this was Linux-based)
- Uninstall and re-install.
See how that goes first.
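A read-only check that separates the causes suggested in this thread (file missing or unreadable) from a file that parses but lacks the top-level `objects` list an ATT&CK STIX bundle carries. This is an added example, not part of the original posts or of Splunk Security Essentials; it assumes the `'objects'` in the error message is a missing-key error, and the file path is supplied by you because the thread does not give it.

```python
import json
import os
import sys
import tempfile


def check_attack_bundle(path):
    """Return (status, detail) explaining why a STIX bundle may fail to load."""
    if not os.path.exists(path):
        return ("missing", "file not found")
    if not os.access(path, os.R_OK):
        return ("unreadable", "current OS user cannot read the file")
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (json.JSONDecodeError, UnicodeDecodeError) as exc:
        return ("invalid_json", str(exc))
    # An ATT&CK STIX bundle is a JSON object with a top-level "objects" list.
    if not isinstance(data, dict) or "objects" not in data:
        found = sorted(data) if isinstance(data, dict) else type(data).__name__
        return ("no_objects_key", f"top level contains: {found}")
    if not isinstance(data["objects"], list):
        return ("bad_objects", "'objects' is not a list")
    techniques = sum(1 for o in data["objects"]
                     if isinstance(o, dict) and o.get("type") == "attack-pattern")
    return ("ok", f"{len(data['objects'])} objects, {techniques} attack-pattern")


def demo():
    """Run the check over constructed sample files (not real SSE content)."""
    samples = {
        "good.json": '{"type": "bundle", "objects": [{"type": "attack-pattern"}]}',
        "no_objects.json": '{"type": "bundle", "id": "bundle--constructed"}',
        "truncated.json": '{"type": "bundle", "objects": [',
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            sample_path = os.path.join(tmp, name)
            with open(sample_path, "w", encoding="utf-8") as fh:
                fh.write(body)
            results[name] = check_attack_bundle(sample_path)[0]
        absent = os.path.join(tmp, "absent.json")
        results["absent.json"] = check_attack_bundle(absent)[0]
    return results


if __name__ == "__main__":
    # Pass the path to your copy of enterprise-attack.json; no path runs the demo.
    print(check_attack_bundle(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it as the OS user that runs Splunk, since the readability check reflects the account executing the script.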