All Apps and Add-ons

Splunk Add-on Builder Proxy Errors- Alert action works perfectly except when I enable proxy

jmartin_pro
Engager

Hello All,

This is my first time posting to Splunk Community. I've found a lot of value here and hope you all are doing well.

I have an add-on built with the Splunk Add-on Builder (I believe version 4.1.0) that contains an alert action that packages up search results and sends them to a HEC input. I am utilizing George Starcher's Python class for sending events to HEC inputs (https://github.com/georgestarcher/Splunk-Class-httpevent). The alert action works perfectly except when I enable the proxy - then I am hit with the error message:

 

 

Traceback (most recent call last):
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/splunk_http_event_collector.py", line 287, in _batchThread
    response = self.requests_retry_session().post(self.server_uri, data=payload, headers=headers, verify=self.SSL_verify,proxies=proxies)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 635, in post
    return self.request("POST", url, data=data, json=json, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/requests/adapters.py", line 499, in send
    timeout=timeout,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 696, in urlopen
    self._prepare_proxy(conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connectionpool.py", line 964, in _prepare_proxy
    conn.connect()
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 359, in connect
    conn = self._connect_tls_proxy(hostname, conn)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/connection.py", line 506, in _connect_tls_proxy
    ssl_context=ssl_context,
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 453, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
  File "/opt/splunk/etc/apps/<appname>/bin/<appname>/aob_py3/urllib3/util/ssl_.py", line 495, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock)
  File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/opt/splunk/lib/python3.7/ssl.py", line 827, in _create
    raise ValueError("check_hostname requires server_hostname")
ValueError: check_hostname requires server_hostname

 

 

 Has anyone come across similar behavior? I am trying a variety of different things but this has quickly gone over my head. Any help or direction would be greatly appreciated. Please let me know what information I can provide.

Thank you.

Labels (3)
0 Karma
1 Solution

jmartin_pro
Engager

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

View solution in original post

0 Karma

jmartin_pro
Engager

This was resolved by altering one line in Starcher's class (line 266). Without this change, the script would error out when running through the SSL verification process.

from:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('https',credential_string,self.proxy_url,self.proxy_port)}

 to:

proxies = {'http': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port), 'https': proxy_string.format('http',credential_string,self.proxy_url,self.proxy_port)}

  

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...