All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Python Script is erroring out at ZeusIPs

andresmanriquez
Engager
‎07-24-2019 11:19 AM

We noticed that the threat intel is not being populated using the Obelisk Threat Intel App for majority of the Intel sources. The error code received was:

Traceback (most recent call last):
 File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 1015, in 
   main()
 File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 935, in main
   parseZeus(raw_threatlist)
 File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 635, in parseZeus
   zeusIPs = zeusIPs[2].split('\n')
IndexError: list index out of range
Reply

derekarnold
Communicator
‎07-25-2019 11:50 AM

Thanks for bringing this to my attention. This has been fixed in the latest release.

0 Karma
Reply

pmelon
Explorer
‎10-03-2019 07:07 AM

I'm getting the below:

bash-4.2$ /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py
logfile_name: /opt/splunk/etc/apps/TA_obelisk-threat/logs/obelisk_threat_lists_script10-03-2019-14-01-21.log
[*] Script Started at: 10-03-2019 14:01:21 GMT

[*] Script version: 3.4.6
URL: http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
user_agent_bool: true
Finished retrieving 849 IPs from SpamHaus.
Finished retrieving 23 IPs from Dshield.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 1076, in
main()
File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 966, in main
parseEmergingThreatsBlockList(raw_threatlist)
File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 750, in parseEmergingThreatsBlockList
feodoIPs = p[0].split()
IndexError: list index out of range

I'll try to fix it myself, but I thought you would want to know. If I do fix, I'll dump it here.

0 Karma
Reply

andresmanriquez
Engager
‎07-24-2019 11:19 AM

This was solved by commenting it out. It looks like Zues Tracker is not longer available.

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...