https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/5143561#M8420 <P>Hi&nbsp;<SPAN class=""><A href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1538229" target="_self"><SPAN class="">Navaneethbr,</SPAN></A></SPAN></P><P><SPAN class=""><SPAN class="">Did you resolve this issue, I'm facing the same issue.&nbsp;</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I'm injesting logs from ciscoamp to heavy forwarder, but recently it stops receving logs from ciscoamp, and the same above error is shown when i check for the log file.</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I would appreciate if you could help me resolve this issue.</SPAN></SPAN></P><P>&nbsp;</P> Thu, 11 Jul 2024 12:41:57 GMT Muhammadibrahim69152 2024-07-11T12:41:57Z https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/4862321#M7629 <P>Hello Team,&nbsp;</P><P>I am trying to get Cisco AMP4e logs to Splunk, while configuring the input I am getting below error.</P><P>Add-on -&nbsp;Cisco AMP for Endpoints Events Input - 3.0.0</P><P>Splunk Version - 8.2.7<BR />Note: The API host, ID and Key are correct. Verified with below command.</P><P><SPAN>url --request GET '<A href="https://api.amp.cisco.com/v1/events" target="_blank" rel="noopener">https://api.amp.cisco.com/v1/events</A>' -u 'my api id:my api key'</SPAN></P><P><BR />Error while creating the Input</P><P>Warning! We couldn’t retrieve the information from API with provided credentials. Please make sure the API host is accessible or re-configure the input with correct credentials.<BR /><BR />Error from&nbsp;/opt/splunk/var/log/splunk/amp4e_events_input.log</P><P>2023-06-26 05:35:34,486 ERROR Amp4eEvents - SSLError(MaxRetryError("HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_streams/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))"))<BR />ssl_context=context,<BR />File "/opt/splunk/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket<BR />File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket<BR />File "/opt/splunk/lib/python3.7/ssl.py", line 870, in _create<BR />File "/opt/splunk/lib/python3.7/ssl.py", line 1139, in do_handshake<BR />self._sslobj.do_handshake()<BR />ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)<BR />urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))<BR />requests.exceptions.SSLError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))<BR />ssl_context=context,<BR />File "/opt/splunk/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket<BR />File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket<BR />File "/opt/splunk/lib/python3.7/ssl.py", line 870, in _create<BR />File "/opt/splunk/lib/python3.7/ssl.py", line 1139, in do_handshake<BR />self._sslobj.do_handshake()<BR />ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)<BR />urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))<BR />requests.exceptions.SSLError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))<BR /><BR /><BR />Can anyone help with solution for this issue?<BR /><BR />Regards,<BR />Navaneeth BR</P> Mon, 26 Jun 2023 11:08:28 GMT https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/4862321#M7629 navaneethbr 2023-06-26T11:08:28Z https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/4862354#M7630 The python that Splunk AMP app doesn't trust the cert its seeing.<BR /><BR />Are you using WSA or Umbrella SIG where it's decrypting the web requests? Set this destination to not be decrypted.<BR /> Mon, 26 Jun 2023 11:49:21 GMT https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/4862354#M7630 Ken Stieers 2023-06-26T11:49:21Z https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/5143561#M8420 <P>Hi&nbsp;<SPAN class=""><A href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1538229" target="_self"><SPAN class="">Navaneethbr,</SPAN></A></SPAN></P><P><SPAN class=""><SPAN class="">Did you resolve this issue, I'm facing the same issue.&nbsp;</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I'm injesting logs from ciscoamp to heavy forwarder, but recently it stops receving logs from ciscoamp, and the same above error is shown when i check for the log file.</SPAN></SPAN></P><P><SPAN class=""><SPAN class="">I would appreciate if you could help me resolve this issue.</SPAN></SPAN></P><P>&nbsp;</P> Thu, 11 Jul 2024 12:41:57 GMT https://community.cisco.com/t5/endpoint-security/cisco-amp-for-endpoints-events-input-unable-to-create-input/m-p/5143561#M8420 Muhammadibrahim69152 2024-07-11T12:41:57Z