Splunk SOAR

"Cannot connect to WebSocket" - Phantom OVA 4.5

shivinder
Explorer

Hi

I am facing an issue where I continually keep getting a little pop-up at the top right hand side of the Phantom webpage which says - "Cannot connect to WebSocket" (Screenshot attached with this message)

alt text

I downloaded the latest OVA v4.5.15922 from my.phantom.us and imported this appliance to VirtualBox. No custom configurations at all. The host operating system is MacOS 10.14.6.

Is it happening because I am missing some setting? Any help would be appreciated.

Thanks!

Labels (1)
Tags (1)

sam_splunk
Splunk Employee
Splunk Employee

Can you describe how you have your network set-up in virtualbox?

0 Karma

shivinder
Explorer

Hi

For some reason my previous comment seems to have lost. I am writing it again. Sorry about that.

I did not change any settings in the Splunk Phantom OVA. Here is the screenshot of the settings dialog - https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+17.57.07.png

I did have some custom settings to my VirtualBox software. But they were disabled. Here is the screenshot of the VirtualBox settings - https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+18.02.34.png

I hope it helps.

Cheers!
Shivinder.

0 Karma

sam_splunk
Splunk Employee
Splunk Employee

Hi Shivinder, I am having trouble duplicating this behavior. I've got virtual box set up the same as your screenshots with no problem.

Could you switch your virtualbox configuration to Host-Only adapter and see if the problem persists? I'm wondering if there is a physical-link issue and we can rule that out this way.

0 Karma

shivinder
Explorer

Hi,

Thank you for replying to my question. To answer you, I did not change any settings in the default Splunk Phantom OVA image in the first place. Here is the screenshot of the settings from the image file.

https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+17.57.07.png

I did have some custom subnets configured for my VirtualBox. But I had disabled them. This is the screenshot of the settings here, if it helps.

https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+18.02.34.png

Thanks!

0 Karma

sam_splunk
Splunk Employee
Splunk Employee

No problem. However when trying to view the screenshots, AWS is requiring some authorization. Error: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

0 Karma

shivinder
Explorer

Sorry, my bad. Fixed it.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...