We noticed that the threat intel is not being populated using the Obelisk Threat Intel App for majority of the Intel sources. The error code received was:
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 1015, in
main()
File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 935, in main
parseZeus(raw_threatlist)
File "/opt/splunk/etc/apps/TA_obelisk-threat/bin/obelisk_threat_intel.py", line 635, in parseZeus
zeusIPs = zeusIPs[2].split('\n')
IndexError: list index out of range
... View more