Why isn't the ThreatConnect App for Splunk Enterprise indexing logs?

Sanjai676
Path Finder

I have installed ThreatConnect in my lab environment, and after the initial configuration settings, no logs were indexed.
Could it be a case of a Python script error, as I couldn't see any "ThreatConnect" reference in splunkd.log?

0 Karma
1 Solution

Sanjai676
Path Finder

I just found out that the Enterprise Security app is what is causing the issue here. ThreatConnect doesn't work with ES!
I tried installing the app in a non-ES setup and it worked. Mystery solved!

0 Karma

gsopkoTC
Path Finder

The ThreatConnect App for Splunk is now on v2.1.2 and supports CIM and Splunk ES.

0 Karma

Sanjai676
Path Finder

I have dug a bit more into this, and what I could find is that the Python script "ThreatConnect.py" in the app folder isn't executing. This script should fetch the logs from the ThreatConnect website. Whenever I try to run the script manually, it says "importError: No module named 'threatconnect'". I'm running the script from the right path and using Python version 3. Can anyone suggest what's going wrong here?

0 Karma