splunk-soar-connectors / recordedfuture

Apache License 2.0

Incorrect file path used for saving items to Vault #17

Open markcooke226 opened 11 months ago

markcooke226 commented 11 months ago

Name of the app: recordedfuture

Describe the bug: When ingesting alerts or using actions that save files to the vault, an invalid path is used and it produces an error.

'[Errno 2] No such file or directory: '/opt/splunk-soar/vault/tmp/<randomstring>.png'

Issue stems from https://github.com/splunk-soar-connectors/recordedfuture/blob/next/recordedfuture_connector.py#L860. That path is invalid on Splunk SOAR Cloud. I believe it's recommended to use the Vault.get_vault_tmp_dir() function described here https://docs.splunk.com/Documentation/SOAR/current/DevelopApps/AppDevAPIRef#Vault to avoid hardcoding the temp directory.

To Reproduce: Steps to reproduce the behavior:

  1. Go to a Splunk SOAR Cloud instance
  2. Install the recordedfuture app
  3. Configure a new asset; add an alert rule ID for polling. This should be an alert ID that has attachments that will be downloaded.
  4. Save the asset
  5. Go to Ingest Settings -> poll now
  6. Error should show in the debug screen if there is an image to download.

Expected behavior: On_poll and other actions that download items to the vault should not produce an error.

Additional context: None

markcooke226 commented 11 months ago

d3b82ead-cdcf-4a95-94e6-70fde58b7fb6

nestoor22 commented 10 months ago

Hey @dhwanis-crest. We got an error when using get_vault_tmp_dir. `Error string: 'module 'phantom.vault' has no attribute 'get_vault_tmp_dir'` Could you support handling this error?

dhwanis-crest commented 10 months ago

Hi Yaroslav,

Can you try it this way? https://github.com/splunk-soar-connectors/splunk/blob/next/splunk_connector.py#L1343 Also, can you confirm whether you are using Splunk SOAR Cloud or On-prem and which version of Splunk SOAR?

Thanks, Dhwani


dhwanis-crest commented 10 months ago

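Hi Yaroslav,

You can try this way as well:

    import os
    from phantom_common import paths
    # "tmp" must be relative: os.path.join() discards earlier components when a later one is absolute
    vault_tmp = os.path.join(paths.PHANTOM_VAULT, "tmp")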

Thanks, Dhwani

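The fallback discussed in this thread, as an added example that is not part of the original thread or the connector's code: use `get_vault_tmp_dir()` when the platform exposes it, otherwise join `paths.PHANTOM_VAULT` with a relative `tmp`, then write the download with `tempfile.mkstemp`. The names `resolve_vault_tmp`, `save_to_vault_tmp` and `demo` are hypothetical, and the `SimpleNamespace` objects are constructed stand-ins for the SOAR runtime so the block runs offline.

```python
import os
import tempfile
from types import SimpleNamespace


def resolve_vault_tmp(vault_api, paths):
    """Return the vault temp directory without hardcoding /opt/splunk-soar/vault/tmp.

    vault_api: object that may expose get_vault_tmp_dir() (absent in the reported error).
    paths: object exposing PHANTOM_VAULT, used only as the fallback.
    """
    getter = getattr(vault_api, "get_vault_tmp_dir", None)
    if callable(getter):
        tmp_dir = getter()
    else:
        # Relative "tmp": an absolute "/tmp" would make os.path.join drop PHANTOM_VAULT.
        tmp_dir = os.path.join(paths.PHANTOM_VAULT, "tmp")
    if not os.path.isdir(tmp_dir):
        raise FileNotFoundError(f"vault temp directory not found: {tmp_dir}")
    return tmp_dir


def save_to_vault_tmp(data, suffix, vault_api, paths):
    """Write bytes to a uniquely named, owner-only file inside the vault temp directory."""
    fd, file_path = tempfile.mkstemp(suffix=suffix, dir=resolve_vault_tmp(vault_api, paths))
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return file_path


def demo():
    # Constructed stand-ins for the SOAR runtime (assumption, not the real modules).
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "tmp"))
    paths = SimpleNamespace(PHANTOM_VAULT=root)
    old_vault = SimpleNamespace()  # no get_vault_tmp_dir, as in the reported error
    new_vault = SimpleNamespace(get_vault_tmp_dir=lambda: os.path.join(root, "tmp"))
    saved = save_to_vault_tmp(b"\x89PNG constructed bytes", ".png", old_vault, paths)
    return {
        "fallback": resolve_vault_tmp(old_vault, paths),
        "api": resolve_vault_tmp(new_vault, paths),
        "saved": saved,
        "root": root,
    }


if __name__ == "__main__":
    print(demo())
```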