All Apps and Add-ons

Why isn't the ThreatConnect App for Splunk Enterprise indexing logs?

Sanjai676
Path Finder

I have installed ThreatConnect in my lab environment and after initial configurations setting , no logs were indexed.
Could it be a case of python script error as i couldn't see any "ThreatConnect" reference in splunkd.log?

0 Karma
1 Solution

Sanjai676
Path Finder

I just found out that the Enterprise Security app is what causing the issue here. ThreatConnect doesn't work with ES..!!
I tried installing the app in a non-ES set up and it worked. Mystery solved.!

View solution in original post

0 Karma

Sanjai676
Path Finder

I just found out that the Enterprise Security app is what causing the issue here. ThreatConnect doesn't work with ES..!!
I tried installing the app in a non-ES set up and it worked. Mystery solved.!

0 Karma

gsopkoTC
Path Finder

The ThreatConnect App for Splunk is now on v2.1.2 and supports CIM and Splunk ES.

0 Karma

Sanjai676
Path Finder

i have digged a bit more into this, and what i could find is, the python script "ThreatConnect.py" in the app folder isn't executing. This script should fetch the logs from threatconnect web site. Whenever i try to run the script manually it says "importError: No module named 'threatconnect'". Im running the script from the right path and using python version 3. Can anyone suggest what's going wrong here?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...