Rapid7 Nexpose Technology Add-On for Splunk: Why did all of my indexes stop working?

ssodhi
Explorer

Can someone confirm if this module is even working properly?
When I install it, all of my indexes won't work anymore, and once I disable it and reboot Splunk, everything is back to normal.

Appreciate your help.

0 Karma

ssodhi
Explorer

I got it working, somehow.
It's just 1 issue: I can't figure out how to query historical risk score PER ASSET! It does do it per site but not per asset.

Seems like it's just scanning December completely.
When I change the time period to see everything through November, even though the SITES are the same, I just see fewer assets, fewer vulns.

How do I do that?

0 Karma

dvickery
New Member

How did you get it working? I'm having a similar issue. We upgraded Nexpose consoles and the app stopped pulling any data.

0 Karma

jonathan_stewar
Path Finder

Hi - thanks, they are the apps that work together for Rapid7.
It's not an issue we've seen before. We wouldn't be able to debug your Splunk instance or the other Add-Ons, but we can look at the Rapid7 App logs to double check them.
The logs required and support contact are here on the details tab: https://splunkbase.splunk.com/app/3457/#/details
Jonathan.

0 Karma

ssodhi
Explorer

I just installed a fresh Splunk server,
installed those 2 add-ons, and it shows nothing.
Nothing is getting pulled by the Rapid7 module. Opened a case just now and sent 2 log files.

0 Karma

ssodhi
Explorer

https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/

These 2 add-ons were installed, then all the indexes stopped indexing, i.e. Sophos API, OWA, Firewall.

Should I create a new index? Have you seen this before?

0 Karma

jonathan_stewar
Path Finder

Hi ssodhi,
Yes, it is working, how is it being installed?

0 Karma

ssodhi
Explorer

I have installed these 2, just followed the instructions.

https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/

Then I realized all of my add-ons stopped working, i.e. Sophos API, Hurricane Firewall API, ...
Should I create a new index?! Have you seen this issue before?

Thanks

0 Karma

ssodhi
Explorer

Here's the error from one of the modules that doesn't work anymore.

12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" Traceback (most recent call last):
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 91, in
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" main()
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 31, in main
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" endpoint, apiKey, auth = getCredentials(sessionKey)
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 17, in getCredentials
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" if "central.sophos.com" in c['realm']:
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" TypeError: argument of type 'NoneType' is not iterable

0 Karma
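The traceback in the post above shows the Sophos script walking a list of credential entries and evaluating `"central.sophos.com" in c['realm']`, which raises `TypeError` as soon as one entry's realm is `None`. The following is an added example, not the Sophos Central add-on's code or any Rapid7 code: it reproduces the failing lookup beside a defensive version that skips entries without a usable realm and reports a clear error when no match exists. The Splunk REST call that would normally fetch the entries is replaced with a constructed in-memory list (the field names `realm`, `username` and `clear_password` are an assumption, as is the idea that the `None` realm belongs to a credential written by another app sharing the same credential store).

```python
# Added example: defensive credential lookup for a Splunk modular input.
# Not code from the Sophos Central or Rapid7 add-ons. Field names and the
# sample entries below are constructed for illustration.

# Constructed sample of what a modular input might read from the shared
# credential store. The first entry has no realm, which is exactly the
# condition the traceback on the page reports. Values are placeholders.
CREDENTIALS = [
    {"realm": None, "username": "nexpose_console", "clear_password": "placeholder-1"},
    {"realm": "https://central.sophos.com/api", "username": "api-key-id", "clear_password": "placeholder-2"},
]


def get_credentials_naive(creds):
    """Mirrors the failing pattern: assumes every entry has a string realm."""
    for c in creds:
        if "central.sophos.com" in c["realm"]:  # TypeError when realm is None
            return c["realm"], c["username"], c["clear_password"]
    return None


def get_credentials(creds, realm_fragment="central.sophos.com"):
    """Return (endpoint, api_key, auth) for the first entry whose realm contains
    realm_fragment, ignoring entries that have no string realm at all.

    Entries written by other apps into the same credential store may carry
    no realm (assumption), so they must be skipped rather than indexed.
    """
    for c in creds:
        realm = c.get("realm")
        if not isinstance(realm, str):
            # Skip malformed or foreign entries instead of crashing the input.
            continue
        if realm_fragment in realm:
            return realm, c.get("username"), c.get("clear_password")
    # Fail loudly with an actionable message instead of returning None,
    # which would only move the crash to the caller.
    raise LookupError("no stored credential with realm containing %r" % realm_fragment)


def lookup_raises(fn, creds):
    """Helper for demonstration: name of the exception fn raises, or None."""
    try:
        fn(creds)
    except Exception as exc:  # broad on purpose: we only report the type
        return type(exc).__name__
    return None


if __name__ == "__main__":
    print("naive lookup raises:", lookup_raises(get_credentials_naive, CREDENTIALS))
    print("defensive lookup returns:", get_credentials(CREDENTIALS))
```

When an input stops pulling data right after an unrelated app is installed, this is the first thing to check in the input's own script: any loop over the shared credential store that indexes a field without first confirming the entry is the one it expects.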

woodcock
Esteemed Legend

Where are you deploying it?

0 Karma