- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- iSight Partners ThreatScape app not receiving any ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have installed the iSight Partners ThreatScape app in Splunk ( latest version ) however i am not getting any data for the app.
The app has been installed correctly as i can see the indexes the app has created. I have also set the correct API keys and selected all the feeds i need.
I thought it may be a proxy issue however the host is able to connect to api.isightpartners.com without an issue.
The app has now been installed for more than a day and the index remains empty. Is there any way to 'debug' an app or view app specific logs?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
got it working by changing the script path in inputs.conf ( app specific ) to [script://$SPLUNK_HOME\etc\apps\iSIGHTPartners_ThreatScape_App\bin\fetch_indicators.py 15]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
got it working by changing the script path in inputs.conf ( app specific ) to [script://$SPLUNK_HOME\etc\apps\iSIGHTPartners_ThreatScape_App\bin\fetch_indicators.py 15]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Worth mentioning that my Splunk Instance is running on Windows ( Dev instance ) .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think i tracked down the error in the logs which appears to be :
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_indicators.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_indicators.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_iocs.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_iocs.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_vulnerabilities.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_vulnerabilities.py 15"
Those scripts its trying to launch are located in the splunk_home\etc\apps\iSIGHTPartners_ThreatScape_App\bin
I have registered the paths using splunks envars command/batch script.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
