Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
945
Views
5
Helpful
3
Replies

Splunk permission for ANC using pxGrid

Go to solution
mikoconn
Cisco Employee
Cisco Employee

‎11-27-2017 10:16 AM

Hi,

We have two users in Splunk, one Admin, one Power User. The Admin can quarantine endpoints using pxGrid workflow actions but the Power User gets an authorisation error that appears to refer to a passwords file.

External search command 'pxgremediate' returned error code 1. Script output = "ERROR Could not get Splunk_TA_cisco-ise credentials from splunk. Error: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_cisco-ise/admin/passwords "

Please could you tell me if there is a way of getting the Power User, or any non-Admin user, to be able to initiate pxGrid actions without upgrading them to Admin?

Thanks,

Mike.