Hello all,

I'm trying to install the Palo Alto Add-On to integrate Cortex XDR on Splunk. I followed the steps in https://splunk.paloaltonetworks.com/cortex-xdr.html and configured Tenant Name, API Key ID and API Key, but when it tries to retrieve events this error is logged:

    File "/opt/splunk/etc/apps/Splunk_TA_paloalto/bin/splunk_ta_paloalto/aob_py3/requests/adapters.py", line 516, in send
        raise ConnectionError(e, request=request)
    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='api-https', port=443): Max retries exceeded with url: //masked_tenant_name.xdr.masked_tenant_region.paloaltonetworks.com/.xdr.masked_tenant_region.paloaltonetworks.com/public_api/v1/incidents/get_incidents/ (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1afcb645d0>: Failed to establish a new connection: [Errno -2] Name or service not known'))

As you can see, after the message "Max retries exceeded with url:" the URL doesn't contain "https:", well this cannot be the problem.

The configuration is this:

    Name = DEV_XDR
    Interval = 60
    Index = default
    Status = false
    Tenant Name = https://masked_tenant_name.xdr.masked_tenant_region.paloaltonetworks.com/
    Tenant Region = masked_tenant_region
    API Key ID = ********
    API Key = ********

I tried "curl" from the server with the add-on to the tenant URL, and the URL can be reached.

Before opening a case with Palo Alto, has anyone had this problem or a similar one before?
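The sketch below is an added example, not part of the original post and not the add-on's own code. It shows how the logged `host='api-https'` and the doubled domain in the path arise when a full URL is placed in the Tenant Name field, and how an input could be reduced to the bare tenant label first. The URL template is an assumption inferred from the error text above; `build_url`, `connection_target`, `normalize_tenant` and the `example-tenant` / `us` values are hypothetical names and constructed sample data.

```python
import re
from urllib.parse import urlsplit

# Assumed template, inferred from the error message in the post
# (not taken from the add-on source).
URL_TEMPLATE = ("https://api-{tenant}.xdr.{region}.paloaltonetworks.com"
                "/public_api/v1/incidents/get_incidents/")

# A single DNS label: letters, digits and inner hyphens, at most 63 characters.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def build_url(tenant, region):
    """Fill the assumed template with the two configured fields, unchecked."""
    return URL_TEMPLATE.format(tenant=tenant, region=region)


def connection_target(url):
    """Return (hostname, path) the way an HTTP client splits the URL."""
    parts = urlsplit(url)
    return parts.hostname, parts.path


def normalize_tenant(value, region):
    """Reduce a pasted tenant URL or FQDN to the bare tenant label.

    Raises ValueError when what is left is not a single hostname label.
    """
    text = value.strip()
    if "://" in text:                      # full URL pasted into the field
        text = urlsplit(text).hostname or ""
    text = text.split("/")[0]              # drop any trailing path
    suffix = ".xdr.{}.paloaltonetworks.com".format(region)
    if text.lower().endswith(suffix):      # FQDN pasted instead of the label
        text = text[: -len(suffix)]
    if not LABEL.match(text):
        raise ValueError("tenant name must be a single hostname label: %r" % value)
    return text


if __name__ == "__main__":
    # Values as configured in the post (masked by the poster).
    bad = build_url(
        "https://masked_tenant_name.xdr.masked_tenant_region.paloaltonetworks.com/",
        "masked_tenant_region")
    print(connection_target(bad))          # hostname comes out as 'api-https'
    # Constructed sample values.
    tenant = normalize_tenant("https://example-tenant.xdr.us.paloaltonetworks.com/", "us")
    print(connection_target(build_url(tenant, "us")))
```

A successful `curl` to the tenant URL does not exercise this code path, because the request in the traceback goes to the host produced by the template, not to the URL as typed.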