All Apps and Add-ons

Proofpoint - ET Splunk TA - Proxy settings

morganfw
Path Finder

Hello,
I've installed Proofpoint - ET Splunk TA v1.1.5 on Splunk Enterprise v7.2.9.1 and I need to configure a Proxy for exit on Internet.

- Issue:
I need to use a Proxy for exit on Internet, and when I set Proxy globally on OS, I can contact all sites, but Proofpoint - ET Splunk TA cannot contact Proofpoint API through Proxy, I assume that App contact Proofpoint API directly.

After some debugging, I've seen line 101 on $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py file that reports

def make_url(authcode, fname):
       url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
       request = Request(url)
       logger.debug("Version is %s", VERSION)
       agent = "ET-SPLUNK-TA (" + VERSION + ")"
       logger.debug("User-agent is %s", agent)
       request.add_header("User-agent", agent)
       return request

I want to know how to setup Proxy lines into the script for exit Internet.

I suggest to make a modification on next App version, and add option to allow the user to modify Proxy Settings through App Web Interface on Splunk.

Any suggestion for quick resolve with a WA?
Regards

0 Karma
1 Solution

morganfw
Path Finder

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

View solution in original post

0 Karma

morganfw
Path Finder

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

0 Karma

PavelP
Motivator

have you tried to set

export HTTP_PROXY=http://proxy:port

in Splunk init or Unit file? The Request python module supports proxy configuration by setting the environment variables:

https://2.python-requests.org/en/v2.8.1/user/advanced/#proxies

0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...