All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Proofpoint - ET Splunk TA - Proxy settings

morganfw
Path Finder
‎03-30-2020 02:08 AM

Hello,
I've installed Proofpoint - ET Splunk TA v1.1.5 on Splunk Enterprise v7.2.9.1 and I need to configure a Proxy for exit on Internet.

- Issue:
I need to use a Proxy for exit on Internet, and when I set Proxy globally on OS, I can contact all sites, but Proofpoint - ET Splunk TA cannot contact Proofpoint API through Proxy, I assume that App contact Proofpoint API directly.

After some debugging, I've seen line 101 on $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py file that reports

def make_url(authcode, fname):
       url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
       request = Request(url)
       logger.debug("Version is %s", VERSION)
       agent = "ET-SPLUNK-TA (" + VERSION + ")"
       logger.debug("User-agent is %s", agent)
       request.add_header("User-agent", agent)
       return request

I want to know how to setup Proxy lines into the script for exit Internet.

I suggest to make a modification on next App version, and add option to allow the user to modify Proxy Settings through App Web Interface on Splunk.

Any suggestion for quick resolve with a WA?
Regards

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

morganfw
Path Finder
‎05-05-2020 03:24 AM

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

morganfw
Path Finder
‎05-05-2020 03:24 AM

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

0 Karma
Reply
Solved! Jump to solution

PavelP
Motivator
‎03-30-2020 05:56 AM

have you tried to set

export HTTP_PROXY=http://proxy:port

in Splunk init or Unit file? The Request python module supports proxy configuration by setting the environment variables:

https://2.python-requests.org/en/v2.8.1/user/advanced/#proxies

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...