Description | This article describes how to fix the 401 HMAC authentication error when using the Splunk Add-on to create records in FortiSOAR. |
Scope | FortiSOAR. |
Solution |
When attempting to create an alert in FortiSOAR using the Splunk Add-On, it consistently shows a 401 HMAC Authentication Error even after regenerating a new Public/Private Key Pair.
Many times, the time between FortiSOAR and Splunk does not remain constant, which could be due to an NTP sync issue
Error Logs:
xxxx-xx-xx 07:18:14,374 INFO pid=258830 tid=MainThread file=connection.py:__get_headers:135 | timestamp:xxxx-xx-xx 03:18:13
Verify the Date and time on both environments (Splunk and FortiSOAR) and match the time manually or sync them with the NTP server.
timedatectl timedatactl set-ntp true |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.