All Apps and Add-ons

Connection to Loopback Address - Not working with Palo Alto Networks Add-on

willadams
Contributor

I downloaded the Palo Alto Networks Add-on to pull down feeds from the MineMeld Service.  I have configured the Palo Alto TA with the relevant credentials and output node feed URL's as per our configuration.  I have configured proxy settings and can confirm that my instance is attempting a connection.  However I noted that when the Palo Alto TA runs to fetch this, I note on the proxy that the "connectionpool.py" in the "Splunk_TA_paloalto_minemeld_feed.log" is starting new HTTPS requests to the loop back adapter (i.e. 127.0.0.1).

I have other TA's installed that have their own proxy configurations and these tend to work as expected.  Any thoughts on what might be happening here?

"MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\minemeld_feed.py", line 72, in collect_events
input_module.collect_events(self, ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 78, in collect_events
kvs_entries = pull_from_kvstore(helper, name, start, stats)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 45, in inner
ret_val = func(*args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 120, in pull_from_kvstore
parameters={'query': json.dumps({'splunk_source': name})})
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 476, in send_http_request
proxy_uri=self._get_proxy_uri() if use_proxy else None)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\splunk_aoblib\rest_helper.py", line 43, in send_http_request
return self.http_session.request(method, url, **requests_args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 390, in send
conn = self.get_connection(request.url, proxies)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 290, in get_connection
proxy_manager = self.proxy_manager_for(proxy)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 184, in proxy_manager_for
**proxy_kwargs
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 43, in SOCKSProxyManager
raise InvalidSchema("Missing dependencies for SOCKS support.")
InvalidSchema: Missing dependencies for SOCKS support.

DateTimeStamp,039 INFO pid=183272 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,352 INFO pid=154016 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,655 INFO pid=16340 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1

Labels (1)
0 Karma

willadams
Contributor

Anyone come across this?

 

 

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...