
How to complete Fireeye HX and Splunk Integration?

spl10
Explorer

Hi Team,

I am planning to integrate FireEye HX and Splunk, and for that I have installed the app from Splunkbase ("FireEye App for Splunk Enterprise v3 | Splunkbase") on the Heavy Forwarder and the Search Head.

Also, as mentioned in the document, I performed the below steps:

  • The HX appliance logging cannot be set from the GUI as of right now, please use the CLI:
    hostname # logging <remote-IP-address> trap none
    hostname # logging <remote-IP-address> trap override class cef priority info
    hostname # write mem

On the internal index I could see the below error, and logs are not reflecting in Splunk:

ERROR SearchOperator:kv [17796 TcpChannelThread] - Cannot compile RE \"<malware\sname=\"(?<malware_name>[\w-\.]{1,30})\"\s*(sid=\"(?<malware_sid>\d*)")?\s*(stype=\"(?<malware_stype>[\w-]{1,30})\")?\" for transform 'EXTRACT-malware-info_for_fireeye': Regex: invalid range in character class.

Any assistance with this issue will be much appreciated.

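The "invalid range in character class" error comes from the `[\w-\.]` class in the EXTRACT-malware-info_for_fireeye transform: PCRE reads `\w-\.` as a range whose endpoints are class escapes, which is not a valid range. The following Python snippet is an added illustration, not code from the post or from the FireEye app: it shows the original class failing to compile, a corrected class with the hyphen moved to the end, and the transform extracting fields from a constructed sample event. Python's `(?P<name>...)` stands in for PCRE's `(?<name>...)`; everything else in the pattern is copied from the error message.

```python
import re
from typing import Optional

# Character class from the failing transform. "\w-\." is parsed as a range
# between two class escapes, which both PCRE (Splunk) and Python reject.
BROKEN_CLASS = r"[\w-\.]"

# Fix: a hyphen placed last in the class is a literal and cannot start a
# range; "." needs no escape inside a class.
FIXED_CLASS = r"[\w.-]"


def build_pattern(char_class: str) -> "re.Pattern[str]":
    """Build the malware-info regex from the question with the given class."""
    return re.compile(
        r'<malware\sname="(?P<malware_name>' + char_class + r'{1,30})"\s*'
        r'(sid="(?P<malware_sid>\d*)")?\s*'
        r'(stype="(?P<malware_stype>[\w-]{1,30})")?'
    )


def compiles(char_class: str) -> bool:
    """Return True if the transform compiles with this character class."""
    try:
        build_pattern(char_class)
        return True
    except re.error:
        return False


def extract_malware_info(event: str) -> Optional[dict]:
    """Apply the corrected transform; drop optional groups that did not match."""
    match = build_pattern(FIXED_CLASS).search(event)
    if match is None:
        return None
    return {k: v for k, v in match.groupdict().items() if v is not None}


# Constructed sample event (not real HX output), shaped like the XML fragment
# the transform expects to find inside the CEF message.
SAMPLE_EVENT = ('<malware name="Trojan.Generic-ABC" sid="12345" '
                'stype="heuristic-detection"/>')

if __name__ == "__main__":
    print("broken class compiles:", compiles(BROKEN_CLASS))
    print("fixed class compiles:", compiles(FIXED_CLASS))
    print(extract_malware_info(SAMPLE_EVENT))
```

Until the app's transform is patched, the same fix can be applied locally by overriding the REGEX of that transform in a local transforms.conf with the corrected character class.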

spl10
Explorer

Can anyone please assist with this error?

Error message:

ERROR TcpInputProc [11836 FwdDataReceiverThread] - Message rejected. Received unexpected message of size=1009989438 bytes from src=xx.xx.xx.xx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

Here is my inputs.conf:

[udp://xx.xx.xx.xx:876]
connection_host = dns
host = xxxxxx
index = yyyyyy
sourcetype = hx_cef_syslog


spl10
Explorer

Can anyone please help?
