topic TAXII files being downloaded but not processed by Enterprise Security in Splunk Search https://community.splunk.com/t5/Splunk-Search/TAXII-files-being-downloaded-but-not-processed-by-Enterprise/m-p/564465#M196635 <P>Hi Splunkers.</P><P>We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Security Threat Intelligence module.</P><P>The feed has been working o.k. (i.e. downloading <EM>and</EM> importing indicators) for some time but in recent times only the download is working.</P><P>- Threat Intelligence Audit in ES the download shows no errors (exit_status of 0)<BR />- We can see the downloaded .xml file with TAXII indicators in the&nbsp;<SPAN><STRONG>SA-ThreatIntelligence/local/data/threat_intel</STRONG> directory.<BR />- threatlist.log also shows a successful download</SPAN></P><P><SPAN>I don't see anything specific in the logs showing an issue processing the download files.</SPAN></P><P>In Security Intelligence --&gt; Threat Intelligence --&gt; Threat Artifacts we see where earlier files.</P><P>Any other suggestions for where to look to diagnose/resolve this issue.</P><P>Cheers!</P> Tue, 24 Aug 2021 05:04:22 GMT torowa 2021-08-24T05:04:22Z TAXII files being downloaded but not processed by Enterprise Security https://community.splunk.com/t5/Splunk-Search/TAXII-files-being-downloaded-but-not-processed-by-Enterprise/m-p/564465#M196635 <P>Hi Splunkers.</P><P>We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Security Threat Intelligence module.</P><P>The feed has been working o.k. (i.e. downloading <EM>and</EM> importing indicators) for some time but in recent times only the download is working.</P><P>- Threat Intelligence Audit in ES the download shows no errors (exit_status of 0)<BR />- We can see the downloaded .xml file with TAXII indicators in the&nbsp;<SPAN><STRONG>SA-ThreatIntelligence/local/data/threat_intel</STRONG> directory.<BR />- threatlist.log also shows a successful download</SPAN></P><P><SPAN>I don't see anything specific in the logs showing an issue processing the download files.</SPAN></P><P>In Security Intelligence --&gt; Threat Intelligence --&gt; Threat Artifacts we see where earlier files.</P><P>Any other suggestions for where to look to diagnose/resolve this issue.</P><P>Cheers!</P> Tue, 24 Aug 2021 05:04:22 GMT https://community.splunk.com/t5/Splunk-Search/TAXII-files-being-downloaded-but-not-processed-by-Enterprise/m-p/564465#M196635 torowa 2021-08-24T05:04:22Z