Using the R7 made IDR workflow to disable accounts upon UBA trigger. The disabling works, but then I get an error with the Get RRN or Close Ticket portion. Error details below.
Any ideas?
error log:
rapid7/Rapid7 InsightIDR:4.3.0. Step name: set_status_of_investigation_action
Unauthorized (401): Unauthorized
An error occurred during plugin execution!
InsightIDR returned a status code of 401: Unauthorized
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.9.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py", line 376, in handle_step
output = self.start_step(
File "/usr/local/lib/python3.8/site-packages/insightconnect_plugin_runtime-4.9.0-py3.8.egg/insightconnect_plugin_runtime/plugin.py", line 556, in start_step
output = func(params)
File "/usr/local/lib/python3.8/site-packages/rapid7_insightidr_rapid7_plugin-4.3.0-py3.8.egg/komand_rapid7_insightidr/actions/set_status_of_investigation_action/action.py", line 34, in run
response = request.resource_request(endpoint, "put")
File "/usr/local/lib/python3.8/site-packages/rapid7_insightidr_rapid7_plugin-4.3.0-py3.8.egg/komand_rapid7_insightidr/util/resource_helper.py", line 120, in resource_request
raise PluginException(f"InsightIDR returned a status code of {response.status_code}: {status_code_message}")
insightconnect_plugin_runtime.exceptions.PluginException: An error occurred during plugin execution!
InsightIDR returned a status code of 401: Unauthorized