Can someone confirm if this module is even working properly?
When I install it, all of my indexes won't work anymore, and once I disable it and reboot Splunk, everything is back to normal.
Appreciate your help.
I got it working, somehow.
It's just 1 issue: I can't figure out how to query historical riskscore PER ASSET! It does do it per site but not asset.
Seems like it's just scanning December completely.
When I change the time period to see everything through November, even though the SITES are the same, I just see fewer assets, fewer vuls.
How do I do that?
How did you get it working? I'm having a similar issue. We upgraded Nexpose consoles and the app stopped pulling any data.
Hi - thanks, they are the apps that work together for Rapid7.
It's not an issue we've seen before. We wouldn't be able to debug your Splunk instance or the other Add-Ons but we can look at the Rapid7 App logs to double check them.
The logs required and support contact are here on the details tab: https://splunkbase.splunk.com/app/3457/#/details
Jonathan.
I just installed a fresh Splunk server,
installed those 2 addons, and it shows nothing.
Nothing is getting pulled by the Rapid7 module. Opened a case just now and sent 2 log files.
https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/
These 2 addons were being installed, then all the indexes stopped indexing, i.e. Sophos API, OWA, Firewall.
Should I create a new index? Have you seen this before?
Hi ssodhi,
Yes, it is working, how is it being installed?
I have installed these 2, just followed the instructions.
https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/
Then realized all of my addons stopped working, i.e. Sophos API, Hurricane Firewall API, ...
Should I create a new index?! Have you seen this issue before?
Thanks
Here's the error from one of the modules that doesn't work anymore.
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" Traceback (most recent call last):
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 91, in
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" main()
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 31, in main
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" endpoint, apiKey, auth = getCredentials(sessionKey)
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 17, in getCredentials
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" if "central.sophos.com" in c['realm']:
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" TypeError: argument of type 'NoneType' is not iterable
Where are you deploying it?