Hi.
I'm having a nightmare getting this adaptive response TA working. Has anybody got it working? I'm getting the following error.
ta_forescout_response_init.py:45 - CRITICAL - Unexpected error while getting alert actions from CounterACT: HTTPSConnectionPool(host='forescout.mattlab.local', port=443): Max retries exceeded with url: /splunk/actions_info?auth=CounterACT%20A6885132-A0EE-4AED-A2A3-8C01AF148957 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
The guide I've followed is here. Specifically page 15:
https://www.forescout.com/resources/app-and-add-on-for-splunk-how-to-guide-2-9-1/
********************************************************************************************
To enable HTTPS communication using Forescout eyeExtend for Splunk:
1. Operators must not use the default self-signed web-portal certificate; instead, they need to procure their own certificate. See Appendix D: System Certificate for Web Portal.
2. Once the certificates are installed on the CounterACT Appliance, the Forescout platform Public Key Certificate must be appended to the cacert.pem file at the following location:
$SPLUNK_HOME/lib/python2.7/site-packages/requests/cacert.pem
****************************************************************************
I have created a server certificate for Forescout and copied the CA cert over to the requests directory below:
root@splunklinux:/opt/splunk/lib/python3.7/site-packages/requests# ls -al
total 228
drwxrwxrwx 3 10777 10777 4096 May 15 21:56 .
drwxrwxrwx 73 10777 10777 4096 May 2 12:56 ..
-rwxrwxrwx 1 10777 10777 21344 Feb 1 00:57 adapters.py
-rwxrwxrwx 1 10777 10777 6271 Feb 1 00:57 api.py
-rwxrwxrwx 1 10777 10777 10206 Feb 1 00:57 auth.py
-rw-r--r-- 1 root root 2110 May 15 19:26 cacert.pem
-rwxrwxrwx 1 10777 10777 453 Feb 1 00:57 certs.py
-rwxrwxrwx 1 10777 10777 1678 Feb 1 00:57 compat.py
-rwxrwxrwx 1 10777 10777 18430 Feb 1 00:57 cookies.py
-rwxrwxrwx 1 10777 10777 3185 Feb 1 00:57 exceptions.py
-rwxrwxrwx 1 10777 10777 3515 Feb 1 00:57 help.py
-rwxrwxrwx 1 10777 10777 757 Feb 1 00:57 hooks.py
-rwxrwxrwx 1 10777 10777 3921 Feb 1 00:57 __init__.py
-rwxrwxrwx 1 10777 10777 1096 Feb 1 00:57 _internal_utils.py
-rwxrwxrwx 1 10777 10777 34210 Feb 1 00:57 models.py
-rwxrwxrwx 1 10777 10777 542 Feb 1 00:57 packages.py
drwxrwxrwx 2 root root 4096 May 15 21:59 __pycache__
-rwxrwxrwx 1 10777 10777 29332 May 15 21:56 sessions.py
-rwxrwxrwx 1 10777 10777 4129 Feb 1 00:57 status_codes.py
-rwxrwxrwx 1 10777 10777 2981 Feb 1 00:57 structures.py
-rwxrwxrwx 1 10777 10777 30049 Feb 1 00:57 utils.py
-rwxrwxrwx 1 10777 10777 436 Feb 1 00:57 __version__.py
There was no cacert.pem file in this location. What does it mean to append the public key to the cacert.pem file? I just copied the CA cert from my Forescout signed CA over to this location and called it cacert.pem as it didn't exist?
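Added example, not part of the original post or of Forescout's TA code: in a PEM bundle, "appending" means adding a certificate block after the existing ones, so the current trust anchors stay in place. The code assumes the requests release in use takes its bundle from certifi, or from the REQUESTS_CA_BUNDLE / CURL_CA_BUNDLE override; `fake_pem` builds constructed placeholder blocks, not real certificates, and all function names are hypothetical.

```python
import base64
import hashlib
import os
import re
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fake_pem(label):
    """Constructed stand-in for a certificate: PEM framing around arbitrary bytes."""
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

def fingerprints(pem_text):
    """Map SHA-256 fingerprint (of the decoded bytes) to PEM block, per certificate."""
    found = {}
    for match in PEM_RE.finditer(pem_text):
        der = base64.b64decode("".join(match.group(1).split()))
        found[hashlib.sha256(der).hexdigest()] = match.group(0)
    return found

def active_bundle():
    """CA bundle requests would verify against in this interpreter, or None."""
    override = os.environ.get("REQUESTS_CA_BUNDLE") or os.environ.get("CURL_CA_BUNDLE")
    if override:
        return override
    try:
        import certifi  # assumption: this requests release delegates to certifi
    except ImportError:
        return None
    return certifi.where()

def append_ca(bundle_path, ca_pem_text):
    """Append certificates missing from the bundle; return the fingerprints added."""
    bundle = Path(bundle_path)
    existing = fingerprints(bundle.read_text()) if bundle.exists() else {}
    missing = {fp: pem for fp, pem in fingerprints(ca_pem_text).items()
               if fp not in existing}
    if missing:
        with bundle.open("a") as handle:  # append mode keeps existing anchors
            for pem in missing.values():
                handle.write("\n" + pem + "\n")
    return sorted(missing)

if __name__ == "__main__":
    print("bundle in use:", active_bundle())
```

Run it with the same interpreter the add-on uses, so that `active_bundle()` reports the file that interpreter actually reads.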