remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

Permanent loading in configuration page #200

Closed IsaacA11 closed 1 year ago

IsaacA11 commented 3 years ago

Hello, I installed MISP42SPLUNK recently. Installation went smoothly, no issues on that. After installation, I tried going to the Configurations page, and it gets stuck on a permanent loading screen. I can't get the configurations page to work on the environment. It's very odd, because I installed it on a different machine and it works just fine, but on the machine I want it on, it doesn't. I tried configuring the instance on the machine that is working and moving the files within local (misp42splunk_instances.conf), but it is not able to hash/encrypt the key, nor to create the passwords.conf when I restart. Any advice here? I can see an error in the scripts credentials.py and handler.py.

remg427 commented 3 years ago

Hi, thanks for using misp42.

A typical issue could be that REST endpoints are not properly set. Have you upgraded from a previous version? Do you use TA-thehive?

My recommendation would be to:

- remove app MISP42 and TA-thehive, if any
- restart Splunk
- install MISP42
- restart Splunk
- look in splunkd for any missing py scripts to load REST endpoints

Error on creds is normal because each instance has a different key to encrypt pwd, so passwords.conf cannot be copied. Hope it will fix the issue.

IsaacA11 commented 3 years ago

Hey Remg427, thank you for your comment. This is a brand new installation, and there is no TA-thehive on the installation either. Something odd I found is that if I go to Manage apps and click on View Objects, the host that is working has 34 objects, but the one that is not working has 13 objects, even though I'm installing it from the same .tgz file.

EDIT: The reason why it had fewer objects was because I changed something; re-installing now.

IsaacA11 commented 3 years ago

Re-installed the app, now having 34 objects, but still having the same issue. Thank you for commenting.

remg427 commented 3 years ago

Have you restarted Splunk? When going to the configuration page you should see some error message in var/log/splunk/splunkd.log.

IsaacA11 commented 3 years ago

I could not copy and paste the error, but here is a SS. I did restart it.

[Image: Screen Shot 2021-09-03 at 12 04 54 PM]

IsaacA11 commented 3 years ago

This is what happens: can't create the input.

[Image: Screen Shot 2021-09-03 at 12 15 10 PM]

remg427 commented 2 years ago

Hi, is the error still current? If yes, I would recommend deleting the misp42 folder, restarting Splunk and reinstalling. It looked like some conf files were empty or missing.

mcj323s commented 2 years ago

I am seeing a similar issue.

[Image: misp-error]

Same error.

```
03-07-2022 10:51:28.511 -0700 ERROR AdminManagerExternal - Unexpected error "<class 'splunktaucclib.rest_handler.error.RestError'>" from python handler: "REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File "/opt/splunk/etc/apps/misp42splunk/lib/splunktaucclib/rest_handler/handler.py", line 124, in wrapper\n for name, data, acl in meth(self, *args, *kwargs):\n File "/opt/splunk/etc/apps/misp42splunk/lib/splunktaucclib/rest_handler/handler.py", line 345, in _format_all_response\n self._encrypt_raw_credentials(cont["entry"])\n File "/opt/splunk/etc/apps/misp42splunk/lib/splunktaucclib/rest_handler/handler.py", line 375, in _encrypt_raw_credentials\n change_list = rest_credentials.decrypt_all(data)\n File "/opt/splunk/etc/apps/misp42splunk/lib/splunktaucclib/rest_handler/credentials.py", line 293, in decrypt_all\n all_passwords = credential_manager._get_all_passwords()\n File "/opt/splunk/etc/apps/misp42splunk/lib/solnlib/utils.py", line 153, in wrapper\n return func(args, **kwargs)\n File "/opt/splunk/etc/apps/misp42splunk/lib/solnlib/credentials.py", line 283, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: can only concatenate str (not "NoneType") to str\n". See splunkd.log for more details.
```

mcj323s commented 2 years ago

I found the issue, which is rather complex and relates to this same app issue. The app tries to dehash all of the other password.conf files from other apps that are set globally. This causes a problem with apps that are deployed from other servers. This issue comes down to the actual add-on builder and a specific line of code. See this help discussion: https://community.splunk.com/t5/All-Apps-and-Add-ons/CrowdStrike-app-fails-Fail-to-decrypt-the-encrypted-credential/m-p/46948

remg427 commented 1 year ago

Thank you for researching the issue. This is related to the Add-on builder library and the fact that a broken passwords.conf is present on the search head. I close the issue as I cannot handle this error in my code.
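
The failure mode in the traceback above, modelled as an added example (not part of the thread, and not solnlib's or misp42splunk's code): one globally shared credential that cannot be decrypted on this instance makes string reassembly raise `TypeError` for every app, while a tolerant pass skips it and names the owning app. The entry layout, the `#<index>` chunk naming and all sample values are constructed assumptions.

```python
import re

# Constructed sample of credential-store entries as one app sees them when other
# apps share their secrets globally. Simplified model: "<realm>:<user>#<chunk>".
# clear_password is None where the secret was encrypted on another server.
SAMPLE_ENTRIES = [
    {"app": "misp42splunk", "name": "misp:prod#0", "clear_password": "abc"},
    {"app": "misp42splunk", "name": "misp:prod#1", "clear_password": "def"},
    {"app": "other_app", "name": "api:svc#0", "clear_password": None},
    {"app": "other_app", "name": "api:svc#1", "clear_password": "tail"},
]

CHUNK = re.compile(r"(?P<key>.+)#(?P<index>\d+)$")  # hypothetical chunk naming


def group_chunks(entries):
    """Group chunked entries by credential: {key: {index: (clear, app)}}."""
    grouped = {}
    for e in entries:
        m = CHUNK.match(e["name"])
        if m:
            grouped.setdefault(m["key"], {})[int(m["index"])] = (e["clear_password"], e["app"])
    return grouped


def reassemble_naive(entries):
    """Same pattern as the failing line: one None chunk aborts the whole listing."""
    result = {}
    for key, chunks in group_chunks(entries).items():
        clear = ""
        for index in sorted(chunks):
            clear += chunks[index][0]  # TypeError: str + NoneType
        result[key] = clear
    return result


def reassemble_tolerant(entries):
    """Return (usable credentials, [(owning app, key)] that failed to decrypt)."""
    usable, broken = {}, []
    for key, chunks in group_chunks(entries).items():
        parts = [chunks[i][0] for i in sorted(chunks)]
        if any(p is None for p in parts):
            broken.append((chunks[min(chunks)][1], key))
            continue
        usable[key] = "".join(parts)
    return usable, broken


if __name__ == "__main__":
    _, broken = reassemble_tolerant(SAMPLE_ENTRIES)
    for app, key in broken:  # report names only, never the secret itself
        print(f"undecryptable credential {key!r} owned by app {app!r}")
```
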