Rapid7 Nexpose Technology Add-On for Splunk: Why did all of my indexes stop working?

ssodhi
Explorer

Can someone confirm if this module is even working properly?
When I install it, all of my indexes won't work anymore, and once I disable it and reboot Splunk, everything is back to normal.

Appreciate your help.

0 Karma

ssodhi
Explorer

I got it working, somehow.
It's just 1 issue: I can't figure out how to query historical riskscore PER ASSET! It does do it per site but not asset.

Seems like it's just scanning December completely.
When I change the time period to see everything through November, even though the SITES are the same, I just see fewer assets, fewer vulns.

How do I do that?

0 Karma

dvickery
New Member

How did you get it working? I'm having a similar issue. We upgraded Nexpose consoles and the app stopped pulling any data.

0 Karma

jonathan_stewar
Path Finder

Hi - thanks, they are the apps that work together for Rapid7.
It's not an issue we've seen before. We wouldn't be able to debug your Splunk instance or the other Add-Ons but we can look at the Rapid7 App logs to double check them.
The logs required and support contact are here on the details tab: https://splunkbase.splunk.com/app/3457/#/details
Jonathan.

0 Karma

ssodhi
Explorer

I just installed a fresh Splunk server,
installed those 2 add-ons, and it shows nothing.
Nothing is getting pulled by the Rapid7 module. Opened a case just now and sent 2 log files.

0 Karma

ssodhi
Explorer

https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/

These 2 add-ons were being installed, then all the indexes stopped indexing, i.e. Sophos API, OWA, Firewall.

Should I create a new index? Have you seen this before?

0 Karma

jonathan_stewar
Path Finder

Hi ssodhi,
Yes, it is working. How is it being installed?

0 Karma

ssodhi
Explorer

I have installed these 2, just followed the instructions.

https://splunkbase.splunk.com/app/3492/
https://splunkbase.splunk.com/app/3457/

Then realized all of my add-ons stopped working, i.e. Sophos API, Hurricane Firewall API, ...
Should I create a new index?! Have you seen this issue before?

Thanks

0 Karma

ssodhi
Explorer

Here's the error from one of the modules that doesn't work anymore.

12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" Traceback (most recent call last):
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 91, in
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" main()
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 31, in main
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" endpoint, apiKey, auth = getCredentials(sessionKey)
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" File "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py", line 17, in getCredentials
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" if "central.sophos.com" in c['realm']:
12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py" TypeError: argument of type 'NoneType' is not iterable

0 Karma
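
A triage helper for splunkd.log output like the traceback in the post above, added here as an example and not code from the thread or from either add-on: it groups ExecProcessor ERROR lines by scripted-input command and reports the final exception with its innermost frame and source line. The function name `failing_inputs` and the trailing INFO line are assumptions made for the example.

```python
import re

CMD = "python /opt/splunk/etc/apps/sophos_central/bin/sophos_events.py"
SCRIPT = "/opt/splunk/etc/apps/sophos_central/bin/sophos_events.py"
PREFIX = '12-05-2017 13:18:18.208 -0800 ERROR ExecProcessor - message from "%s" ' % CMD
# Messages copied from the post above; the final INFO line is constructed noise.
SAMPLE_LOG = "\n".join([PREFIX + m for m in (
    "Traceback (most recent call last):",
    'File "%s", line 91, in' % SCRIPT,
    "main()",
    'File "%s", line 31, in main' % SCRIPT,
    "endpoint, apiKey, auth = getCredentials(sessionKey)",
    'File "%s", line 17, in getCredentials' % SCRIPT,
    "if \"central.sophos.com\" in c['realm']:",
    "TypeError: argument of type 'NoneType' is not iterable",
)] + ["12-05-2017 13:18:19.001 -0800 INFO ExecProcessor - constructed non-error line"])

LINE_RE = re.compile(r'^\S+ \S+ \S+ ERROR ExecProcessor - message from "([^"]+)"\s?(.*)$')
FRAME_RE = re.compile(r'^File "([^"]+)", line (\d+), in\s*(\S*)$')
EXC_RE = re.compile(r'^([A-Za-z_][\w.]*(?:Error|Exception)): ?(.*)$')
APP_RE = re.compile(r"/etc/apps/([^/]+)/")

def failing_inputs(log_text):
    """Return {command: last exception logged, with innermost frame and source line}."""
    found, state = {}, {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not an ExecProcessor ERROR line
        cmd, msg = line.group(1), line.group(2).strip()
        cur = state.setdefault(cmd, {"frame": None, "source": None})
        frame, exc = FRAME_RE.match(msg), EXC_RE.match(msg)
        if msg.startswith("Traceback (most recent call last)"):
            cur["frame"], cur["source"] = None, None  # a new traceback starts
        elif frame:
            cur["frame"] = (frame.group(1), int(frame.group(2)), frame.group(3))
            cur["source"] = None
        elif exc:
            app = APP_RE.search(cmd)
            found[cmd] = {"app": app.group(1) if app else None,
                          "exception": exc.group(1), "detail": exc.group(2),
                          "frame": cur["frame"], "source": cur["source"]}
        else:
            cur["source"] = msg  # source text belonging to the most recent frame
    return found

if __name__ == "__main__":
    for cmd, info in failing_inputs(SAMPLE_LOG).items():
        print(info["app"], info["exception"], info["frame"], info["source"])
```

Run against a real splunkd.log, the result lists every scripted input that is raising, which helps separate one app's failing input from an indexing problem.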

woodcock
Esteemed Legend

Where are you deploying it?

0 Karma