Hello,
I've installed Proofpoint - ET Splunk TA v1.1.5 on Splunk Enterprise v7.2.9.1 and I need to configure a proxy for outbound Internet access.
- Issue:
I need to use a proxy to reach the Internet. When I set the proxy globally on the OS, I can reach all sites, but the Proofpoint - ET Splunk TA cannot contact the Proofpoint API through the proxy; I assume that the app contacts the Proofpoint API directly.
After some debugging, I found the following at line 101 of the $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py file:
    def make_url(authcode, fname):
        url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
        request = Request(url)
        logger.debug("Version is %s", VERSION)
        agent = "ET-SPLUNK-TA (" + VERSION + ")"
        logger.debug("User-agent is %s", agent)
        request.add_header("User-agent", agent)
        return request
I want to know how to add proxy settings to the script so that it can reach the Internet.
I suggest that the next version of the app add an option that lets the user change the proxy settings through the app's web interface in Splunk.
Any suggestions for a quick workaround?
Regards
Hello,
I managed to set the proxy with the following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py
- Original script -
    def make_url(authcode, fname):
        url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
        request = Request(url)
        logger.debug("Version is %s", VERSION)
        agent = "ET-SPLUNK-TA (" + VERSION + ")"
        logger.debug("User-agent is %s", agent)
        request.add_header("User-agent", agent)
        return request
- Modified script (adding "request.set_proxy" below line 104) -
    def make_url(authcode, fname):
        url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
        request = Request(url)
        request.set_proxy('http://<your_proxy>:<your_port>','http')
        logger.debug("Version is %s", VERSION)
        agent = "ET-SPLUNK-TA (" + VERSION + ")"
        logger.debug("User-agent is %s", agent)
        request.add_header("User-agent", agent)
        return request
Thank you.
Have you tried setting
export HTTP_PROXY=http://proxy:port
in the Splunk init script or unit file? The Request Python module supports proxy configuration through environment variables:
https://2.python-requests.org/en/v2.8.1/user/advanced/#proxies
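Added example, not part of the thread or of the TA's code: it shows, offline, how Python 3's standard `urllib.request` routes a request to the feed URL once `set_proxy` is called, and which proxy environment variable it consults for an `https://` URL. Assumptions: Python 3 (the interpreter bundled with the TA's Splunk version may behave differently), and the constructed placeholders `AUTHCODE`, `sample.txt` and `proxy.example.internal:3128`.

```python
import os
import urllib.parse
import urllib.request
from unittest import mock

# URL template taken from the thread; AUTHCODE and sample.txt below are constructed.
ET_URL = "https://rules.emergingthreatspro.com/{0}/reputation/{1}"


def build_request(authcode, fname, proxy_hostport=None):
    """Build the feed request, optionally routed through an explicit proxy."""
    req = urllib.request.Request(ET_URL.format(authcode, fname))
    if proxy_hostport:
        # Proxy passed as host:port; the second argument is the proxy type.
        req.set_proxy(proxy_hostport, "http")
    return req


def describe(req):
    """Report where the socket goes versus where the TLS session ends."""
    return {
        "scheme": req.type,             # stays https: the payload is still TLS
        "connect_to": req.host,         # TCP peer (the proxy once set_proxy ran)
        "tunnel_to": req._tunnel_host,  # CONNECT target (CPython internal attribute)
    }


def env_proxy_for(url, environ):
    """Proxy urllib would pick for `url` from the given environment, or None."""
    scheme = urllib.parse.urlsplit(url).scheme
    with mock.patch.dict(os.environ, environ, clear=True):
        return urllib.request.getproxies_environment().get(scheme)


if __name__ == "__main__":
    proxy = "proxy.example.internal:3128"  # constructed placeholder
    url = ET_URL.format("AUTHCODE", "sample.txt")
    print(describe(build_request("AUTHCODE", "sample.txt")))
    print(describe(build_request("AUTHCODE", "sample.txt", proxy)))
    # The feed URL is https, so only the https_proxy/HTTPS_PROXY variable applies.
    print(env_proxy_for(url, {"HTTP_PROXY": "http://" + proxy}))
    print(env_proxy_for(url, {"HTTPS_PROXY": "http://" + proxy}))
```

With a CONNECT tunnel the proxy sees only the destination host and port, so the auth code carried in the URL path stays inside the TLS session.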