Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About jcas
jcas
Explorer
Member since:
02-20-2023
03-09-2023
Community Statistics
| Posts | 8 |
| Solutions | 1 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 02-20-2023 |
Activity Feed
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 03-09-2023 07:06 AM
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 03-08-2023 09:10 AM
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 03-08-2023 08:02 AM
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 02-23-2023 11:59 AM
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 02-23-2023 07:00 AM
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 02-23-2023 05:08 AM
- Posted Re: Error when trying to configure Splunk Security Essentials on All Apps and Add-ons. 02-21-2023 04:38 AM
- Posted Error when trying to configure Splunk Security Essentials? on All Apps and Add-ons. 02-20-2023 12:51 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
03-09-2023
07:06 AM
Yeah definitely seems weird. Maybe because Firefox is open source? Just guessing though 🙂
... View more
03-08-2023
09:10 AM
They have a pre-defined list of acceptable CAs that you can't modify. I believe it is a list approved or created by Mozilla.
... View more
03-08-2023
08:02 AM
@PickleRick In case you are interested this is the only solution I found for my issue. So short story ... There is an issue with python3 that it can't/won't respect self signed certs, there is no workaround to make it recognize your CA. You can create a unique SSL context in each of the SSE config files that don't check SSL Steps: (reference:https://stackoverflow.com/questions/27835619/urllib-and-ssl-certificate-verify-failed-error?page=1&tab=scoredesc#tab-top) cd /opt/splunk/etc/apps/Splunk_Security_Essentials/bin grep -r "urlopen(request)" /opt/splunk/etc/apps/Splunk_Security_Essentials/bin In each config file that has a urlopen command you need to modify the following: At the top of the file: import ssl context = ssl._create_unverified_context() At each urlopen line (search in vi using /urlopen) add context=context like this: urlopen(request, context=context) Re-run the grep command to make sure you have modified everything. As you noted above with all these edits we won't be able to update SSE unless we then go through this process again after updating, but unless Python changes how they do SSL verification we don't really have a choice. Thanks again for your assistance in pointing me in the right direction.
... View more
02-23-2023
11:59 AM
I think I found some of the code in SSE that is making the URL request. Would anyone be able to help me identify where I could pass a "verify=false" flag? base_url = "https://" + getConfKeyValue('web', 'settings', 'mgmtHostPort') request = six.moves.urllib.request.Request(base_url + '/services/pullJSON?config=data_inventory', headers={'Authorization': ('Splunk %s' % self.sessionKey)}) search_results = six.moves.urllib.request.urlopen(request)
... View more
02-23-2023
07:00 AM
Thanks for your reply @PickleRick. Can you provide any direction on where in the SSE config files I would need to add "verify_certificate": False to stop the app from checking the cert? I am aware this isn't ideal but I am not finding any information on making Splunk respect my CA cert that I have added to the OS ca cert file. Thanks,
... View more
02-23-2023
05:08 AM
Does anyone have any thoughts on what the issue might be? Any other information I can provide to help diagnose?
... View more
02-21-2023
04:38 AM
Hi @scelikok and @PickleRick, I don't have the "Splunk Enterprise Security Content Update" app and we have a pretty basic setup. One search head and one indexer. One thing I was seeing some information about was self signed certs potentially causing this error. We have a DNS entry that we are using and have a certificate in place that is signed by our internal CA. Again everything is working as expected in Splunk with no certificate errors, but SSE seems to not work. When I go to the Data Inventory Overview I get this error, but I thought it was maybe because I just wasn't able to add any content because that page is broken as well. Please let me know what other details I can provide to help diagnose. Thanks!
... View more
02-20-2023
12:51 PM
I am getting the following errors when trying to Discover Content.
I have tried searching online and am not finding any good reasons for this. I also tried downgrading app versions and got the same errors. We just deployed Splunk recently and have some servers reporting in. Splunk itself has no errors or issues that it is reporting.
... View more
Labels
- Labels:
-
troubleshooting
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-09-2023
10:27 AM
|
