I have installed ThreatConnect in my lab environment, and after the initial configuration settings, no logs were indexed.
Could it be a case of a Python script error, as I couldn't see any "ThreatConnect" reference in splunkd.log?
I just found out that the Enterprise Security app is what is causing the issue here. ThreatConnect doesn't work with ES!
I tried installing the app in a non-ES setup and it worked. Mystery solved!
The ThreatConnect App for Splunk is now on v2.1.2 and supports CIM and Splunk ES.
I have dug a bit more into this, and what I could find is that the Python script "ThreatConnect.py" in the app folder isn't executing. This script should fetch the logs from the ThreatConnect website. Whenever I try to run the script manually, it says "ImportError: No module named 'threatconnect'". I'm running the script from the right path and using Python version 3. Can anyone suggest what's going wrong here?