remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

Do not have the "dispatch_rest_to_indexers" capability error #235

Closed merteminoglu closed 1 year ago

merteminoglu commented 1 year ago

Hello,

Many thanks for the effort you put into this tool.

I am using Splunk Cloud 9.0.2303 with Victoria Experience and am getting the error "Restricting results of the "rest" operator to the local instance because you do not have the "dispatch_rest_to_indexers" capability."

Due to Victoria Experience, we installed the app on the Search Head and I can't resolve the "dispatch_rest_to_indexers" permission issue because the solution requires CLI interaction on the SH, which Splunk Cloud doesn't provide. Please see:

https://community.splunk.com/t5/Security/Splunk-Cloud-How-do-I-run-rest-dispatch-rest-to-indexers/m-p/572887#M15683

Do you know how I can resolve this issue? Thanks in advance.

remg427 commented 1 year ago

Hello, thank you for using misp42. This is just a warning on the dashboard because I use the rest command to retrieve the misp42 configuration to list MISP instances.

This has no impact on MISP42 commands and alert action. They run from search heads only anyway. In my main

J1mb0S1ic3 commented 1 year ago

Hi, contact Splunk Cloud about this - that's what I did and they resolved it. There are a number of permissions you can't see or set, this is one of them, so is list storage passwords... We use the Victoria Experience too!

merteminoglu commented 1 year ago

Hello everyone, thanks a lot for your answers. We contacted support but they didn't help because the app is not supported by them. I will contact them again to get the necessary permissions.

J1mb0S1ic3 commented 1 year ago

Hi, it is supported, and you are asking for a capability, this is nothing to do with the app. Please log a ticket with them and ask for the 2 capabilities required - list storage passwords, and dispatch rest to indexers...

merteminoglu commented 1 year ago

Hi, thanks a lot. Will do.

J1mb0S1ic3 commented 1 year ago

I don't think this is an issue with the MISP Splunk app.

merteminoglu commented 1 year ago

Hello, this issue was resolved with the capabilities shared. Thanks again.