I upgraded the ES app from 4.5 to 4.7. I work on a closed system so I do not make use of the Threat Intel downloads. Now despite having disabled each and every threat intel download source, I am still getting "failed to download threat intel" messages for each and every external source. I went through the inputs.conf file and confirmed that the "disabled" field is set to 1.
What could be causing this to still happen? I wound up making a backup copy of the inputs.conf file in the defaults directory and editing out the threat intel stanzas in the original file. This seems to have worked for now, at least until the next upgrade.
... View more