Jannos-443 / PRTG-CrowdStrike

PRTG CrowdStrike Monitoring
MIT License

XML: The returned XML does not match the expected schema. (code: PE233) -- JSON: The returned JSON does not match the expected structure (Prtg is missing). (code: PE231) #2

Closed james-hottinger closed 1 year ago

james-hottinger commented 2 years ago

Hey Jannos,

Getting this error on the sensor:

XML: The returned XML does not match the expected schema. (code: PE233) -- JSON: The returned JSON does not match the expected structure (Prtg is missing). (code: PE231)

PowerShell script returns data fine when run manually.

Any ideas?

Jannos-443 commented 2 years ago

Hey James,

Did you set the execution policy in PowerShell x86? Is the PowerShell output complete? ( and )

If this does not help please enable logging and upload both log files :)

best regards

james-hottinger commented 2 years ago

Hi Jannos,

Yeah, execution policy is currently set to bypass.

The PowerShell output actually states 2 403 errors but then does output relevant information after the 2 errors:

Write-Result : [{"code":403,"message":"access denied, authorization failed"}]
At C:\Program Files (x86)\WindowsPowerShell\Modules\PSFalcon\2.2.2\Private\Private.ps1:604 char:17
+                 Write-Result $Object
+                 ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (System.Threadin...esponseMessage]:Task`1) [Write-Result], Exception
    + FullyQualifiedErrorId : eeee02c0-1c8e-4de4-bbd4-5e7f96adc7b0,Write-Result

Write-Result : [{"code":403,"message":"access denied, authorization failed"}]
At C:\Program Files (x86)\WindowsPowerShell\Modules\PSFalcon\2.2.2\Private\Private.ps1:604 char:17
+                 Write-Result $Object
+                 ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidResult: (System.Threadin...esponseMessage]:Task`1) [Write-Result], Exception
    + FullyQualifiedErrorId : 494da5db-7269-4c8d-a802-90e9db6345fa,Write-Result

<prtg><result>
        <channel>CrowdScore</channel>
        <value></value>
        <unit>Count</unit>
        </result><result>
        <channel>CrowdScore changed last hour</channel>
        <value></value>
        <unit>Count</unit>
        </result><result>
        <channel>Detections new Low</channel>
        <value>2</value>
        <unit>Count</unit>
        <limitmode>1</limitmode>yy
        <LimitMaxWarning>0</LimitMaxWarning>
        </result>
        <result>
        <channel>Detections new Medium</channel>
        <value>3</value>
        <unit>Count</unit>
        <limitmode>1</limitmode>
        <LimitMaxError>0</LimitMaxError>
        </result>
        <result>
        <channel>Detections new High</channel>
        <value></value>
        <unit>Count</unit>
        <limitmode>1</limitmode>
        <LimitMaxError>0</LimitMaxError>
        </result>

(have not pasted the full output)

Logs won't attach for some reason, but here are the contents of the logs:

Result of Sensor 4137.txt:
[{"code":403,"message":"access denied, authorization failed"}]
[{"code":403,"message":"access denied, authorization failed"}

Result of Sensor 4137.log:
Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:46:34,286 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:46:34,287 [DEBUG] - Escaped Script Path: C:\ProgramFiles (x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:47:34,219 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:47:34,253 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:47:34,255 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:48:34,245 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:48:34,286 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:48:34,287 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:49:34,230 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:49:34,264 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:49:34,266 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:50:34,209 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:50:34,247 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:50:34,251 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:51:34,216 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:51:34,252 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:51:34,253 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:52:34,209 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:52:34,244 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:52:34,245 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\customsensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:53:34,211 [DEBUG] - Run Script: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:53:34,244 [DEBUG] - Received Script Path: C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\PRTG-CrowdStrike.ps1
2022-09-28 09:53:34,246 [DEBUG] - Escaped Script Path: C:\Program Files`(x86)\PRTGNetwork Monitor\custom` sensors\EXEXML\PRTG-CrowdStrike.ps1

Jannos-443 commented 2 years ago

403 seems like the access to CrowdStrike is not working, could you check if the token and URL are right?

The output seems also to be empty ()
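
The two symptoms in this thread (error text printed ahead of the XML, and channels with an empty value) can be checked offline against captured sensor output. The following is an added example, not code from the PRTG-CrowdStrike repository: the function name `Test-PrtgSensorOutput` is hypothetical, the sample text is constructed from the output quoted above, and treating an empty `<value>` as a problem is an assumption of this check.

```powershell
# Added example: pre-flight check of captured EXE/Script Advanced sensor output.
# Test-PrtgSensorOutput is a hypothetical helper, not part of PRTG or PSFalcon.
function Test-PrtgSensorOutput {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Raw)

    $problems = [System.Collections.Generic.List[string]]::new()
    $start = $Raw.IndexOf('<prtg>')
    $end   = $Raw.LastIndexOf('</prtg>')

    if ($start -lt 0) { $problems.Add('no <prtg> root element'); return $problems }
    # Anything printed before the root (e.g. a 403 error record) breaks parsing.
    if ($Raw.Substring(0, $start).Trim()) { $problems.Add('text before <prtg>') }
    if ($end -lt $start) { $problems.Add('no closing </prtg>'); return $problems }
    if ($Raw.Substring($end + 7).Trim()) { $problems.Add('text after </prtg>') }

    try { $xml = [xml]$Raw.Substring($start, $end + 7 - $start) }
    catch { $problems.Add("not well-formed XML: $($_.Exception.Message)"); return $problems }

    foreach ($r in $xml.SelectNodes('/prtg/result')) {
        $c = $r.SelectSingleNode('channel')
        $v = $r.SelectSingleNode('value')
        $name = if ($c) { $c.InnerText } else { '(unnamed)' }
        $n = 0.0
        if ($null -eq $v -or -not $v.InnerText.Trim()) {
            # Assumption of this check: a channel must carry a number.
            $problems.Add("channel '$name' has an empty <value>")
        }
        elseif (-not [double]::TryParse($v.InnerText, [Globalization.NumberStyles]::Float,
                [Globalization.CultureInfo]::InvariantCulture, [ref]$n)) {
            $problems.Add("channel '$name' has a non-numeric <value>")
        }
    }
    return $problems
}

# Constructed sample modelled on the output quoted in this thread.
$sample = @'
Write-Result : [{"code":403,"message":"access denied, authorization failed"}]
<prtg><result>
<channel>CrowdScore</channel>
<value></value>
<unit>Count</unit>
</result><result>
<channel>Detections new Low</channel>
<value>2</value>
<unit>Count</unit>
</result></prtg>
'@
Test-PrtgSensorOutput -Raw $sample
```

To check real output, capture it in the same 32-bit PowerShell host the sensor uses, with the error stream merged (`2>&1 | Out-String`), and pass the result as `-Raw`.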