welcome-to-palo-alto-networks[bot]
commented
2 years ago :tada: Thanks for opening your first issue here! Welcome to the community!
Open BobBarnesMN opened 2 years ago
welcome-to-palo-alto-networks[bot]
commented
2 years ago :tada: Thanks for opening your first issue here! Welcome to the community!
Describe the bug
By default, splunk.entity.getEntities only returns the first 30 entries it finds. We have twistlock installed on a heavy forwarder with 38 other passwords (one TA stores previous passwords to prevent re-use). The twistlock TA doesn't find our password in the first 30 and it bombs out
Expected behavior
It should look at all passwords to find the one it needs
Current behavior
splunk.entity.getEntities gets the first 30 by default
Possible solution
Add "count=0" to the getEntities call in get_credentials: entities = entity.getEntities( ["storage", "passwords"], namespace="twistlock", count=0, owner="nobody", sessionKey=session_key)
This is a one-line fix to https://github.com/PaloAltoNetworks/prisma-cloud-compute-splunk/pull/9
I am not fluent in github and I'm not sure how to submit a PR to a PR, so I'm just listing this here in case someone else wants to fix this
Steps to reproduce
If you add 31 passwords to other TAs on the splunk server that houses twistlock, you will not be able to see the 31st.
Screenshots
none
Context
Trying to get twistlock TA running on a heavy forwarder with many other TAs.
Your Environment
Using Splunk 8.2.2