Splunk SOAR (f.k.a. Phantom)

How to fix error with access token string?

jeffminkah20
Observer

I am trying to access the CrowdStrike Intel endpoint, where an OAuth2 token is needed. When I test asset connectivity, I get the error message below, which I believe is due to the length of the token string. How do I fix this error?

ERROR MESSAGE

```
Using provided token to authenticate
Got error: 401
2 actions failed handle_action exception occurred. Error string: ''access_token''
```
0 Karma

phanTom
SplunkTrust

@jeffminkah20 

What version of SOAR are you on and which app specifically are you using? CrowdStrike OAUTH? And what version of the app?

Are you definitely putting the correct items in the correct configuration parameters in the asset? I can't see them being too long as being the issue as they would be generated by CrowdStrike and they built the app. I have also seen many customers use this app with no issues setting up. 

If you are in version 5.x of SOAR then you can access the IDE by pressing the eye symbol to the right of the app and view the code and also run the "test connectivity" action where you should be able to see a bit more verbosity output in the window below.

The error seems to relate to the code trying to grab the `access_token` key from either the REST call response or from the local state file, but without more verbosity in the error message I can't pin down the code section that is actually erroring. I suspect it's the `_get_token` function, which doesn't really have a lot of moving parts, which is why I think maybe the auth items (client_id & client_secret) may be either incorrect or not allowed to generate a token on the CS side?

Validate all the configuration items, then look to use the IDE to see if you can get more verbosity. You can also clone it and add some debugging statements in to see what's being calculated and what isn't. The `access_string` key seems to relate to the constant CROWDSTRIKE_OAUTH_ACCESS_TOKEN_STRING.

0 Karma
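
The failure mode described in the answer above, as an added example that is not part of the original thread and is not the CrowdStrike app's code: a rejected token request has no `access_token` key, so an unchecked lookup raises a `KeyError` whose string is only the key name. The function names, the `TokenError` class and both sample response bodies are constructed assumptions.

```python
import json

TOKEN_KEY = "access_token"  # key named in the thread's error string

# Constructed sample responses (assumed shapes, not captured from a real API).
OK_BODY = '{"access_token": "constructed-token-value", "expires_in": 1799}'
DENIED_BODY = '{"errors": [{"code": 401, "message": "access denied"}]}'


class TokenError(Exception):
    """Descriptive failure raised instead of a bare KeyError."""


def extract_token_naive(body_text):
    # A rejected request carries no "access_token" key, so this raises
    # KeyError, and str(KeyError("access_token")) is just "'access_token'".
    return json.loads(body_text)[TOKEN_KEY]


def extract_token(status_code, body_text):
    """Return the token string, or raise TokenError explaining the failure."""
    try:
        body = json.loads(body_text)
    except ValueError:
        raise TokenError(f"HTTP {status_code}: token response is not JSON")
    if not isinstance(body, dict):
        raise TokenError(f"HTTP {status_code}: token response is not a JSON object")
    if not 200 <= status_code < 300:
        # Report the server's error detail only; never log the client secret.
        detail = body.get("errors") or body.get("error") or "no detail in body"
        raise TokenError(
            f"HTTP {status_code}: token request rejected ({detail}); "
            "check client_id, client_secret and the API client's permissions"
        )
    token = body.get(TOKEN_KEY)
    if not isinstance(token, str) or not token:
        raise TokenError(f"HTTP {status_code}: response has no usable {TOKEN_KEY!r}")
    return token


if __name__ == "__main__":
    try:
        extract_token_naive(DENIED_BODY)
    except KeyError as exc:
        print("naive error string:", str(exc))
    try:
        extract_token(401, DENIED_BODY)
    except TokenError as exc:
        print("checked error string:", exc)
    print("token received:", bool(extract_token(201, OK_BODY)))
```
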

jeffminkah20
Observer

Thanks for your response. Cloning the app and debugging helped fix the error.

0 Karma

jeffminkah20
Observer

Can I please get some response on this?

0 Karma