Splunk SOAR (f.k.a. Phantom)
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

"Cannot connect to WebSocket" - Phantom OVA 4.5

shivinder
Explorer
‎08-13-2019 12:37 AM

Hi

I am facing an issue where I continually keep getting a little pop-up at the top right hand side of the Phantom webpage which says - "Cannot connect to WebSocket" (Screenshot attached with this message)

alt text

I downloaded the latest OVA v4.5.15922 from my.phantom.us and imported this appliance to VirtualBox. No custom configurations at all. The host operating system is MacOS 10.14.6.

Is it happening because I am missing some setting? Any help would be appreciated.

Thanks!

Labels (1)
Labels
Tags (1)
Preview file
1 KB
Reply

sam_splunk
Splunk Employee
Splunk Employee
‎08-13-2019 08:43 AM

Can you describe how you have your network set-up in virtualbox?

0 Karma
Reply

shivinder
Explorer
‎08-14-2019 01:19 AM

Hi

For some reason my previous comment seems to have lost. I am writing it again. Sorry about that.

I did not change any settings in the Splunk Phantom OVA. Here is the screenshot of the settings dialog - https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+17.57.07.png

I did have some custom settings to my VirtualBox software. But they were disabled. Here is the screenshot of the VirtualBox settings - https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+18.02.34.png

I hope it helps.

Cheers!
Shivinder.

0 Karma
Reply

sam_splunk
Splunk Employee
Splunk Employee
‎08-21-2019 08:56 PM

Hi Shivinder, I am having trouble duplicating this behavior. I've got virtual box set up the same as your screenshots with no problem.

Could you switch your virtualbox configuration to Host-Only adapter and see if the problem persists? I'm wondering if there is a physical-link issue and we can rule that out this way.

0 Karma
Reply

shivinder
Explorer
‎08-14-2019 01:09 AM

Hi,

Thank you for replying to my question. To answer you, I did not change any settings in the default Splunk Phantom OVA image in the first place. Here is the screenshot of the settings from the image file.

https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+17.57.07.png

I did have some custom subnets configured for my VirtualBox. But I had disabled them. This is the screenshot of the settings here, if it helps.

https://shavi-test-bucket-01.s3-ap-southeast-2.amazonaws.com/Screen+Shot+2019-08-14+at+18.02.34.png

Thanks!

0 Karma
Reply

sam_splunk
Splunk Employee
Splunk Employee
‎08-14-2019 07:35 AM

No problem. However when trying to view the screenshots, AWS is requiring some authorization. Error: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4.

0 Karma
Reply

shivinder
Explorer
‎08-15-2019 09:56 PM

Sorry, my bad. Fixed it.

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...