Splunk SOAR (f.k.a. Phantom)

Splunk HTTP app failing to authenticate w/ OAuth

knot9
Observer

I'm configuring the SOAR/Phantom app - Splunk HTTP. I've set it up to use OAuth, provided the authentication URL and the clientID & secret. When I test connectivity it says the action failed with: "1 action failed Error fetching token from https://api.domain/oauth2/token. Server returned 201". The thing is the API is supposed to return a 201 when the authentication succeeds. 

Is there a place to edit the app to allow a 201 response as a successful request? 

Labels (2)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!