All Apps and Add-ons

Proofpoint - ET Splunk TA - Proxy settings

morganfw
Path Finder

Hello,
I've installed Proofpoint - ET Splunk TA v1.1.5 on Splunk Enterprise v7.2.9.1 and I need to configure a Proxy for exit on Internet.

- Issue:
I need to use a Proxy for exit on Internet, and when I set Proxy globally on OS, I can contact all sites, but Proofpoint - ET Splunk TA cannot contact Proofpoint API through Proxy, I assume that App contact Proofpoint API directly.

After some debugging, I've seen line 101 on $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py file that reports

def make_url(authcode, fname):
       url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
       request = Request(url)
       logger.debug("Version is %s", VERSION)
       agent = "ET-SPLUNK-TA (" + VERSION + ")"
       logger.debug("User-agent is %s", agent)
       request.add_header("User-agent", agent)
       return request

I want to know how to setup Proxy lines into the script for exit Internet.

I suggest to make a modification on next App version, and add option to allow the user to modify Proxy Settings through App Web Interface on Splunk.

Any suggestion for quick resolve with a WA?
Regards

0 Karma
1 Solution

morganfw
Path Finder

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

View solution in original post

0 Karma

morganfw
Path Finder

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

0 Karma

PavelP
Motivator

have you tried to set

export HTTP_PROXY=http://proxy:port

in Splunk init or Unit file? The Request python module supports proxy configuration by setting the environment variables:

https://2.python-requests.org/en/v2.8.1/user/advanced/#proxies

0 Karma
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

 Are you ready to revolutionize your IT operations? As digital transformation accelerates, the demand for ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Financial services organizations face an impossible equation: maintain 99.9% uptime for mission-critical ...