All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

iSight Partners ThreatScape app not receiving any data

ng87
Path Finder
‎04-04-2017 01:00 AM

I have installed the iSight Partners ThreatScape app in Splunk ( latest version ) however i am not getting any data for the app.
The app has been installed correctly as i can see the indexes the app has created. I have also set the correct API keys and selected all the feeds i need.
I thought it may be a proxy issue however the host is able to connect to api.isightpartners.com without an issue.
The app has now been installed for more than a day and the index remains empty. Is there any way to 'debug' an app or view app specific logs?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ng87
Path Finder
‎04-04-2017 06:27 AM

got it working by changing the script path in inputs.conf ( app specific ) to [script://$SPLUNK_HOME\etc\apps\iSIGHTPartners_ThreatScape_App\bin\fetch_indicators.py 15]

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ng87
Path Finder
‎04-04-2017 06:27 AM

got it working by changing the script path in inputs.conf ( app specific ) to [script://$SPLUNK_HOME\etc\apps\iSIGHTPartners_ThreatScape_App\bin\fetch_indicators.py 15]

0 Karma
Reply
Solved! Jump to solution

ng87
Path Finder
‎04-04-2017 01:47 AM

Worth mentioning that my Splunk Instance is running on Windows ( Dev instance ) .

0 Karma
Reply
Solved! Jump to solution

ng87
Path Finder
‎04-04-2017 04:36 AM

I think i tracked down the error in the logs which appears to be :
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_indicators.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_indicators.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_iocs.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_iocs.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_vulnerabilities.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_vulnerabilities.py 15"

Those scripts its trying to launch are located in the splunk_home\etc\apps\iSIGHTPartners_ThreatScape_App\bin

I have registered the paths using splunks envars command/batch script.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...