I found the solution myself. After some peeking and poking, the next steps brought me to a solution. I don’t know if it is the correct / perfect solution but it works.
I downloaded from GitHub [ https://github.com/ransomvik ]
the following two:
TA_obelisk-threat
obelisk-threat-intel
I stopped Splunk.
I removed the directories:
/opt/splunk/etc/apps/obelisk-threat-intel
/opt/splunk/etc/apps/TA_obelisk-threat
command: rm -rf /opt/splunk/etc/apps/obelisk-threat-intel
command: rm -rf /opt/splunk/etc/apps/TA_obelisk-threat
I unzipped the two downloaded files in the directory /opt/splunk/etc/apps/
I removed “-master” from the names of the directories.
I edited the file /opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py
and changed “p = re.findall('^# Feodo(.?)^# Zeus',urlResults,re.DOTALL|re.MULTILINE)”
into “p = re.findall('^# Feodo(.?)',urlResults,re.DOTALL|re.MULTILINE)”
It is in row 747.
I started Splunk again, waited for a couple of hours and yes, it works again.