cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
m22oswald
Engager
Member since: ‎01-12-2022
‎01-18-2024
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-12-2022
Activity Feed
View All

SOAR HTTP app to Cisco Secure Endpoint API

by in Splunk SOAR
‎01-18-2024 06:58 AM
‎01-18-2024 06:58 AM
I'm trying to set up the HTTP app to access the CIsco Secure Endpoint API (v3).  I've generated the access token following the instructions found here.    I can send a curl request in POSTMAN, using the access token, to get organisation details.  So I know the access token is ok:       curl -s 'https://api.amp.cisco.com/v3/organizations?size=10' \ --header "Authorization: Bearer eyJhbGciOiJ....."       When I enter the same value in the access_token field in the HTTP app and test connectivity, I always receive the following error status code: error 401 Data from server: {"errors":["Missing token"]} I'm not sure what to enter for the Type of Authentication Token, so maybe that's where I'm messing it up.  I think it should be Bearer, because that's the only thing in POSTMAN header other than the token itself. Note that I haven't entered anything in any of the other authentication fields (username, password, url, Client ID, Client Secret).  And also - I get the same error if I don't enter anything in the access token field.  Basically, it's just ignored. ... View more

Re: coldToFrozenScript arguments

by in Monitoring Splunk
‎01-12-2022 08:28 AM
‎01-12-2022 08:28 AM
I figured that would be the answer, but still a little disappointed.  Thanks for the quick reply ... View more

coldToFrozenScript arguments

by in Monitoring Splunk
‎01-12-2022 06:35 AM
‎01-12-2022 06:35 AM
In the coldToFrozenExample.py script there is a --search-files-required argument switch that it looks for, and if found will archive additional files instead of deleting them. I don't want to use this, but I would like to add my own switch to the script in order to add make it more widely applicable.  However, I'm not sure how to actually call the script with the arguments.  Here is the line from indexes.conf that specifies the script:         coldToFrozenScript = "$SPLUNK_HOME/bin/python" "$SPLUNK_HOME/bin/scripts/coldToFrozen.py"         When Splunk actually makes the call, it automatically inserts the bucket to archive after the script name (it has to do this, because the script searches for the bucket name as the first argument).  So I don't know how I would specify a second argument. If anyone can point me in the right direction, I would very much appreciate it.  Thanks so much.    ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-18-2024 10:41 AM