All Apps and Add-ons

Proofpoint - ET Splunk TA - Proxy settings

morganfw
Path Finder

Hello,
I've installed Proofpoint - ET Splunk TA v1.1.5 on Splunk Enterprise v7.2.9.1 and I need to configure a Proxy for exit on Internet.

- Issue:
I need to use a Proxy for exit on Internet, and when I set Proxy globally on OS, I can contact all sites, but Proofpoint - ET Splunk TA cannot contact Proofpoint API through Proxy, I assume that App contact Proofpoint API directly.

After some debugging, I've seen line 101 on $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py file that reports

def make_url(authcode, fname):
       url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
            authcode, fname)
       request = Request(url)
       logger.debug("Version is %s", VERSION)
       agent = "ET-SPLUNK-TA (" + VERSION + ")"
       logger.debug("User-agent is %s", agent)
       request.add_header("User-agent", agent)
       return request

I want to know how to setup Proxy lines into the script for exit Internet.

I suggest to make a modification on next App version, and add option to allow the user to modify Proxy Settings through App Web Interface on Splunk.

Any suggestion for quick resolve with a WA?
Regards

0 Karma
1 Solution

morganfw
Path Finder

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

View solution in original post

0 Karma

morganfw
Path Finder

Hello,
I managed the change of the proxy with following modification in $SPLUNK_HOME/etc/apps/TA-etintel/bin/update_repdata.py

- Original script -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

- Modified script (adding "request.set_proxy" below line 104) -

def make_url(authcode, fname):
    url = 'https://rules.emergingthreatspro.com/{0}/reputation/{1}'.format(
        authcode, fname)
    request = Request(url)
    request.set_proxy('http://<your_proxy>:<your_port>','http')
    logger.debug("Version is %s", VERSION)
    agent = "ET-SPLUNK-TA (" + VERSION + ")"
    logger.debug("User-agent is %s", agent)
    request.add_header("User-agent", agent)
    return request

Thank you.

0 Karma

PavelP
Motivator

have you tried to set

export HTTP_PROXY=http://proxy:port

in Splunk init or Unit file? The Request python module supports proxy configuration by setting the environment variables:

https://2.python-requests.org/en/v2.8.1/user/advanced/#proxies

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...