Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error message "Could not load workbench panels" Splunk ES - Content Management #735

Closed
caiobelmondo opened this issue Oct 12, 2020 · 3 comments
Closed

error message "Could not load workbench panels" Splunk ES - Content Management #735

caiobelmondo opened this issue Oct 12, 2020 · 3 comments

Comments

@caiobelmondo
Copy link

"panels = " without stanza in es_investigations.conf causing error message :

[panel_group://workbench_panel_group_]
label = Detect Zerologon Attack
description = Uncover activity related to the execution of Zerologon CVE-2020-11472, a technique wherein attackers target a Microsoft Windows Domain Controller to reset its computer account password. The result from this attack is attackers can now provide themselves high privileges and take over Domain Controller. The included searches in this Analytic Story are designed to identify attempts to reset Domain Controller Computer Account via exploit code remotely or via the use of tool Mimikatz as payload carrier.
disabled = 0

panels =


deleting this entry ("panels=") solves problem
@crumpetcrusher
Copy link

Thank you, just had this reported to me this morning. The stanza itself is half-finished at that... panel_group://workbench_panel_group_

10-12-2020 09:44:14.008 -0400 ERROR AdminManagerExternal - Stack trace from python handler:
Traceback (most recent call last):
  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 94, in init_persistent
    hand.execute(info)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 595, in execute
    if self.requestedAction == ACTION_LIST:     self.handleList(confInfo)
  File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/rest_handler.py", line 316, in wrapper
    r = f(self, *args, **kwargs)
  File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/es_investigations_rest_handler.py", line 217, in handleList
    stanza_name, stanza_attributes, klass))
  File "/opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/bin/es_investigations_rest_handler.py", line 478, in get_panels_from_stanza
    panel_list = json.loads(stanza_attributes.get('panels', '[]'))
  File "/opt/splunk/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/opt/splunk/lib/python2.7/json/decoder.py", line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
TypeError: expected string or buffer

10-12-2020 09:44:14.008 -0400 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.TypeError'>" from python handler: "expected string or buffer".  See splunkd.log for more details.

@crumpetcrusher
Copy link

looks like it's been addressed for v3.0.8 - #682

@patel-bhavin
Copy link
Contributor

yes! @crumpetcrusher : this fix is already in the next release. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@crumpetcrusher @patel-bhavin @caiobelmondo