isimluk
commented
2 years ago Hello,
Thank You for reporting this issue. This seemed to be misconfiguration issue. Please double check the azure backend is properly configured.
I have tried to reproduce this issue locally by misconfiguring the azure backend, but was not successful to trigger this exact backtrace. I have however seen other similar errors, so I added missing checks for misconfiguration in https://github.com/CrowdStrike/falcon-integration-gateway/pull/104
Also, we have started creation of a proper helm-chart for deployment to kubernetes. We are in the early days for the helm chart, but if your organization uses helm to deploy to kubernetes, it may be worth consideration.
The helm chart for the FIG can be found at https://github.com/CrowdStrike/falcon-helm/blob/main/helm-charts/falcon-integration-gateway/README.md at the bottom of the readme, I have listed explicit command to deploy the chart with the azure backend.
MrCNeale
Deployed to an AKS installaition. Test detection is received successfully, with details of test vm and cmd line run. Error seen in aks container logs
File "/fig/.local/lib/python3.10/site-packages/requests/utils.py", line 978, in check_header_validity | post_data(self.workspace_id, self.primary_key, self.log(), 'FalconIntegrationGatewayLogs')
requests.exceptions.InvalidHeader: Invalid return character or leading space in header: Authorization
raise InvalidHeader("Invalid return character or leading space in header: %s" % name)
runtime.process(falcon_event)
return request('post', url, data=data, json=json, **kwargs) File "/fig/fig/backends/azure/init.py", line 55, in submit
response = post(uri, data=body, headers=headers)
I have tried multiple different values and methods, but I am base64 encoding the same way as the api client and secret, which are successfully retrieving a test detection.