Splunk Forwarder Services

File Name splunkd.exe
Directory C:/Program Files/SplunkUniversalForwarder/bin
File Version Number 2050.1536.25147.51283
Product Version Number 2050.1536.25147.51283
File Description splunkd service
File Version 8.2.6
Internal Name splunkd
Legal Copyright Copyright (C) 2005-2022
Original File Name splunkd.exe
Product Name splunk Application
Product Version 8.2.6 (Build a6fe1ee8894b)
Company Name Splunk Inc.

@Tom

Proxy settings are missing for SYSTEM.

Solved by set up the proxy for Local System account.
Download PsExec.exe.

Start a command shell (cmd.exe) with administrator privileges.

PsExec -i -s cmd.exe
This will open a new cmd.exe that is running under Local System authority. You may check this by executing "whoami" command into that new command shell which will return "nt authority\system"

Open the Internet Options with this command:

inetcpl.cpl
Go to “Connections” tab, click on “LAN settings”, and set up the “Proxy server” section with the relevant proxy address and port number.

(optional) If you need to Bypass proxy server for local addresses, tick the relevant checkbox.

(optional) If you need to specify exclusions, click “Advanced” and set up the “Exceptions” section accordingly, and click “OK”.

Click “OK”, and exit all open command shells.

Secteer agent is now communicating with the Secteer backend!

@Tom

Thanks for your answer and pointing to a direction to investigate and possible solution.

Also we will update the whitelisted servers in our Proxy server.

Kind regards,

Some of our Agents having issues communication with Secteer.

White listed in the Firewall/Proxy configuration.
The addresses for Amazon trust services:

ocsp.sca1b.amazontrust.com
crt.sca1b.amazontrust.com
and to SecTeer: https://*.vulndetect.com/

In de LOG file we see;
[2023-01-16 15:05:20.849+0060] Launching SecTeer Agent
[2023-01-16 15:05:20.854+0060] Agent main loop starting
[2023-01-16 15:05:20.855+0060] Initial configuration:
version:: 2.4.2.0
authToken : 3f9b3d5b-d0b2-xxxx-xxxx-xxxxxxxxxxxx
server : agent.vulndetect.com
guid::
verbosity:: info
processTimeout:: 600 seconds
checkInInterval:: 60 seconds
checkInRetryDelay:: 20 seconds
maxCheckInRetryCount:: 2
dataRetryDelay:: 900 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : +60 minutes
currentTime:: 2023-01-16 16:05:20 (local time)
checkInNow:: false
[2023-01-16 15:05:20.855+0060] Checking in with server
[2023-01-16 15:05:20.855+0060] Waiting 34 seconds before first check-in
[2023-01-16 15:05:54.869+0060] Found computer name = 'SERVER01'
[2023-01-16 15:08:01.601+0060] Error in server communication (280,226) : (0x00002ee2) => The operation timed out
[2023-01-16 15:08:01.603+0060] Failed to check in with server:

Any ideas?