Hello Team,
We have integrated Sophos Central SaaS account with Splunk using Sophos Central app. For the API collection we have created the token in Sophos SaaS account and then followed steps as given in app documentation. The integration was successful and we started seeing the logs into our Splunk environment. However after few days ( may be after 1 day itself) we stop getting logs from Sophos ( nothing was changed in Sophos SaaS API token) and we saw below errors:
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" TypeError: argument of type 'NoneType' is not iterable
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" if "central.sophos.com" in c['realm']
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 17, in getCredentials
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" endpoint, apiKey, auth = getCredentials(sessionKey)
ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 31, in main()
We then removed the integration thinking something went wrong with API collection and integrated again. However it again worked only for 2 days and now we again started getting same error messages as above.
Need someone to provide any feedback on this.
Regards,
Sushant Watghare
... View more