All Apps and Add-ons

Connection to Loopback Address - Not working with Palo Alto Networks Add-on

willadams
Contributor

I downloaded the Palo Alto Networks Add-on to pull down feeds from the MineMeld Service.  I have configured the Palo Alto TA with the relevant credentials and output node feed URL's as per our configuration.  I have configured proxy settings and can confirm that my instance is attempting a connection.  However I noted that when the Palo Alto TA runs to fetch this, I note on the proxy that the "connectionpool.py" in the "Splunk_TA_paloalto_minemeld_feed.log" is starting new HTTPS requests to the loop back adapter (i.e. 127.0.0.1).

I have other TA's installed that have their own proxy configurations and these tend to work as expected.  Any thoughts on what might be happening here?

"MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\minemeld_feed.py", line 72, in collect_events
input_module.collect_events(self, ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 78, in collect_events
kvs_entries = pull_from_kvstore(helper, name, start, stats)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 45, in inner
ret_val = func(*args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 120, in pull_from_kvstore
parameters={'query': json.dumps({'splunk_source': name})})
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 476, in send_http_request
proxy_uri=self._get_proxy_uri() if use_proxy else None)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\splunk_aoblib\rest_helper.py", line 43, in send_http_request
return self.http_session.request(method, url, **requests_args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 390, in send
conn = self.get_connection(request.url, proxies)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 290, in get_connection
proxy_manager = self.proxy_manager_for(proxy)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 184, in proxy_manager_for
**proxy_kwargs
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 43, in SOCKSProxyManager
raise InvalidSchema("Missing dependencies for SOCKS support.")
InvalidSchema: Missing dependencies for SOCKS support.

DateTimeStamp,039 INFO pid=183272 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,352 INFO pid=154016 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,655 INFO pid=16340 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1

Labels (1)
0 Karma

willadams
Contributor

Anyone come across this?

 

 

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...