Rapid7 Nexpose Technology Add-On for Splunk: Why d...

ssodhi · ‎12-04-2017

can someone confirm if this module is even working properly ?
when I install it, all of my indexes won't work anymore, and once I disable it and reboot splunk, everything is back to normal.

appreciate your help.

ssodhi · ‎12-21-2017

I got it working, somehow,
its just 1 issue. I can't figure it out how to query historical riskscore PER ASSET! it does do it per site but not asset.

seems like its just scanning December completely,
when I change the time period to see everything through November, eventhu the SITES are the same, I just see less assets, less vuls,

how do I do that?

dvickery · ‎01-19-2018

How did you get it working? I'm having a similar issue. We upgraded Nexpose consoles and the app stopped pulling any data.

jonathan_stewar · ‎12-06-2017

hi - thanks they are the apps that work together for Rapid7.
It's not an issue we've seen before. We wouldn't be able to debug your Splunk instance or the other Add-Ons but we can look at the Rapid7 App logs to double check them.
The logs required and support contact are here on the details tab: https://splunkbase.splunk.com/app/3457/#/details
Jonathan.

ssodhi · ‎12-18-2017

I just installed a fresh splunk server,
installed those 2 addons, and it shows nothing.
nothing is getting pulled by rapid7 module. opened a case just now and sent 2 log files.

ssodhi · ‎12-05-2017

https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/

these 2 addons were being installed, then all the indexes stopped indexing,. i,e Sophos API, OWA, Firewall,

should I create a new index? have you seen this before?

jonathan_stewar · ‎12-05-2017

Hi ssodhi,
Yes, it is working, how is it being installed?

ssodhi · ‎12-05-2017

I have installed these 2, just followed the instruction.

https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/

then realized all of my addons stopped working, i.e Sophos API, Hurricane Firewall API, ...
should I create a new index?! have you seen this issue before?

Thanks

ssodhi · ‎12-05-2017

here's the error from one of the module that doesn't work anymore.

12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" Traceback (most recent call last):
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 91, in
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" main()
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 31, in main
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" endpoint, apiKey, auth = getCredentials(sessionKey)
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 17, in getCredentials
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" if "central.sophos.com" in c['realm']:
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" TypeError: argument of type 'NoneType' is not iterable

woodcock · ‎12-04-2017

Where are you deploying it?

Rapid7 Nexpose Technology Add-On for Splunk: Why did all of my indexes stop working?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life