How to troubleshoot why I'm not getting any data in the iSight Partners ThreatScape App?

New Member

Hi All,

I installed the iSight Partners ThreatScape App, but data is unavailable in Splunk.
What could be the possible reason for this? Please help

Thank you,
Nidhi Gupta

0 Karma

New Member

Please consider the following:
1. Have you installed the API keys (Public/Private) that are required (manage Apps-iSIGHT Partners-Set up) and set a start date to receive indicators? Contact iSIGHT Partners ( to get keys.
2. Set either Indicators and Warnings or Indicators of Compromise or Vulnerability checkboxes? Need at least one.
3. Examine the indexes; has isightpartners been created (Settings-Data-Indexes)? If not, may want to re-install.
4. Should see results when you execute from either Search & Reporting or this app: Search (index=isight*)

When app is installed, make sure enough time is allotted to allow API to make call to iSIGHT cloud ( Should begin immediately followed by cron job you've configured. Do you have a proxy that could prevent successful connection to iSIGHT? If so, need to specify in Set Up.

From browser, type: Should get error response that you haven't authenticated properly, but at least are communicating with servers (i.e. not a network problem):

{"success": false, "message": {"error": "resourceNotFound", "description": "The resource does not exist.", "url": "”}}

Hope this helps with debug. - MJ

0 Karma