Splunk SOAR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

"Cannot connect to WebSocket" - Phantom OVA 4.5

shivinder
Explorer
‎08-13-2019 12:37 AM

Hi

I am facing an issue where I continually keep getting a little pop-up at the top right hand side of the Phantom webpage which says - "Cannot connect to WebSocket" (Screenshot attached with this message)

alt text

I downloaded the latest OVA v4.5.15922 from my.phantom.us and imported this appliance to VirtualBox. No custom configurations at all. The host operating system is MacOS 10.14.6.

Is it happening because I am missing some setting? Any help would be appreciated.

Thanks!

Labels (1)
Labels
Tags (1)
Preview file
1 KB
Reply

sam_splunk
Splunk Employee
Splunk Employee
‎08-13-2019 08:43 AM

Can you describe how you have your network set-up in virtualbox?

0 Karma
Reply

shivinder
Explorer
‎08-14-2019 01:19 AM

Hi

For some reason my previous comment seems to have lost. I am writing it again. Sorry about that.

I did not change any settings in the Splunk Phantom OVA. Here is the screenshot of the settings dialog - https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+17.57.07.png

I did have some custom settings to my VirtualBox software. But they were disabled. Here is the screenshot of the VirtualBox settings - https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+18.02.34.png

I hope it helps.

Cheers!
Shivinder.

0 Karma
Reply

sam_splunk
Splunk Employee
Splunk Employee
‎08-21-2019 08:56 PM

Hi Shivinder, I am having trouble duplicating this behavior. I've got virtual box set up the same as your screenshots with no problem.

Could you switch your virtualbox configuration to Host-Only adapter and see if the problem persists? I'm wondering if there is a physical-link issue and we can rule that out this way.

0 Karma
Reply

shivinder
Explorer
‎08-14-2019 01:09 AM

Hi,

Thank you for replying to my question. To answer you, I did not change any settings in the default Splunk Phantom OVA image in the first place. Here is the screenshot of the settings from the image file.

https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+17.57.07.png

I did have some custom subnets configured for my VirtualBox. But I had disabled them. This is the screenshot of the settings here, if it helps.

https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+18.02.34.png

Thanks!

0 Karma
Reply

sam_splunk
Splunk Employee
Splunk Employee
‎08-14-2019 07:35 AM

No problem. However when trying to view the screenshots, AWS is requiring some authorization. Error: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

0 Karma
Reply

shivinder
Explorer
‎08-15-2019 09:56 PM

Sorry, my bad. Fixed it.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...