Cybereason For Splunk Upgrade Error

thkwon — Tue, 13 Jul 2021 12:29:42 GMT

Hello

My client company uses Splunk and Cybereason.
At first, I used the Cybereason For Splunk app 1.1.0.
modified the cybereason_rest_client.py file as below.
self.session = requests.session()
self.session.verify = False

Cybereason For Splunk 1.3.0 was released recently, upgrading the app.
ERROR occurs in $SPLUNK_HOME/var/log/splunk/cybereason path with modularinput.log and restclient.log.

-- modularinput.log ERROR --

2021-07-13 15:02:21, 354 log_level=ERROR pid=11744 tid=MainThread file="cybereason.py" function="run" line_number="182" version="CybereasonForSplunk.v.1.3.0"
Traceback:
Traceback (most recent call last):
File "/splunk/splunk_test/splunk/etc/apps/CybereasonForSplunk/bin/cybereason.py", line 138, in run
events = cyb.get_time_bound_malops(earliest=chk["last_time"], latest=now)
File "/splunk/splunk_test/splunk/etc/apps/CybereasonForSplunk/bin/cybereason_rest_client.py", line 420, in get_time_bound_malops
raise e
File "/splunk/splunk_test/splunk/etc/apps/CybereasonForSplunk/bin/cybereason_rest_client.py", line 358, in get_time_bound_malops
severity_dict = self._get_mapped_serverities(earliest, latest)
File "/splunk/splunk_test/splunk/etc/apps/CybereasonForSplunk/bin/cybereason_rest_client.py", line 680, in _get_mapped_serverities
raise Exception(ret.content)
Exception: b'<!DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 404 - Not Found</h1></body></html>'

2021-07-13 15:02:21, 354 log_level=ERROR pid=11744 tid=MainThread file="cybereason.py" line_number="181" version="CybereasonForSplunk.v.1.3.0"
message=b'<!DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 404 - Not Found</h1></body></html>'"
filename="cybereason.py" exception_line="138" input="cybereason://cybereason" section="malops"

-- restclient.log ERROR --
2021-07-13 15:02:21, 354 log_level=ERROR pid=11744 tid=MainThread file="cybereason_rest_client.py" function="get_time_bound_malops" line_number="419" version="CybereasonForSplunk.v.1.3.0"
message="b'<!DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 404 - Not Found</h1></body></html>'" exception_type="Exception"
exception_arguments="b'<DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 404 - Not Found</h1></body></html>'"
exception_type="Exception" exception_arguments="b'<!DOCTYPE html><html><head><title>Error report</title></head><body><h1>HTTP Status 404 - Not Found</h1></body></html>'"
filename="cybereason_rest_client.py" line="358" section="get_time_bound_malops"

Where is the problem?

Thanks

Re: Cybereason For Splunk Upgrade Error

HalisAkdeniz — Fri, 15 Oct 2021 12:01:27 GMT

Hello thkwon,

Could you solve this problem?

We have the same issue which causes not logging malops event.

Thanks

topic Re: Cybereason For Splunk Upgrade Error in All Apps and Add-ons

Cybereason For Splunk Upgrade Error

Re: Cybereason For Splunk Upgrade Error