threat list download failed after multiple retries

ybahat · ‎05-11-2015

The splunk server is located behind a proxy, and i'm getting a lot of "threat list download failed after multiple retries" error messages.

From my logs I can see that the download is attempted directly, and not through the proxy.
What do I need to configure and where?

shellsam · ‎10-12-2016

I too have the same issue.but i had configured the proxy

tskinnerivsec · ‎06-03-2015

I am working on this myself, still getting failures after configuring proxy info. Does proxy server field need to be populated in http:\ format, or does just the ip address of the proxy suffice in that field?

mdessus_splunk · ‎06-03-2015

Just enter the hostname or ip address.
Note also there were a bug in older versions if you were using proxy authentication under certain conditions (I assume it is resolved now). Are you using authentication ?

If it does not work, look for your proxy logs in Splunk 🙂

mdessus_splunk · ‎05-11-2015

Hello, you need to configure first the proxy setting in each threat (Configure / Data Enrichment / Threat list), and if needed authentication in Configure / General / Credential management. And it should work !

threat list download failed after multiple retries

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...