- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Why is the script generating an error with Tripwir...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I have been trying to integrate FIM and SCM logs from tripwire 8.3.7 but the script is generating the exception below:
Exception: SOAP-ENV:ClientOnly the built-in administrator can access the SOAP API while in Common Criteria mode.
Even though the Admin privileges have been assigned to the user we still see the same error on Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We found the issue, issue was on Tripwire End;
The Add-on requires complete Admin access to Tripwire Consoles.
you need to change the following entry in server.properties file on the tripwire:
tw.securityAuditLog.enabled=false
if set to true, this restricts all users except the Built-In Administrator for TE console from accessing the SOAP API
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We found the issue, issue was on Tripwire End;
The Add-on requires complete Admin access to Tripwire Consoles.
you need to change the following entry in server.properties file on the tripwire:
tw.securityAuditLog.enabled=false
if set to true, this restricts all users except the Built-In Administrator for TE console from accessing the SOAP API
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perfect, that is exactly what I needed. Changed that and works like champ.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has anyone found the answer to this? I've been struggling through the TE addon install, and finally have gotten to where I"m getting my assets into Splunk, but now I get this same error, and none of the data seems to be coming in. The addon instructions specifically say to create a separate user in TE for this purpose, which I have done and given it Administrator rights with all groups access as well. What is the reason for this error? Do we have to use the REST API instead of SOAP if we're not using the built-in TE admin account? Thanks.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
