Re: Resolving Error when using VirusTotal TA?

jhilton90 · ‎06-21-2023

I have installed and setup the VirusTotal TA with basic configuration i.e. API key and Max Batch Size just to test things.

However when I try to run the following command

index=advanced_hunting category="AdvancedHunting-UrlClickEvents" properties.UrlChain=*
| virustotal domain=properties.UrlChain

I get the following error

Error in 'virustotal' command: External search command exited unexpectedly with non-zero error code 1.

Streamed search execute failed because: Error in 'virustotal' command: External search command exited unexpectedly with non-zero error code 1.

I'm scrolling through Google but nothing is helping at the moment.

Was wondering if anyone else has experienced the same issue

vikas_gopal · ‎11-27-2023

Hi There ,

Are you able to resolve this issue ? if yes please post your workaround as I am also facing same issue .

jhilton90 · ‎11-27-2023

Unfortunately not no

vikas_gopal · ‎11-27-2023

sure thank you , I am trying to reach out to the addon creator and trying few things here . Will update here in case I come with something

vikas_gopal · ‎11-28-2023

Issue has been resolved after we provide admin permission to all the respective knowledge objects of this addon , like saved searches , lookups . I do not see this error any more

Resolving Error when using VirusTotal TA?

configuration

installation

troubleshooting

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?