iSight Partners ThreatScape app not receiving any data

ng87
Path Finder

I have installed the iSight Partners ThreatScape app in Splunk (latest version); however, I am not getting any data for the app.
The app has been installed correctly, as I can see the indexes the app has created. I have also set the correct API keys and selected all the feeds I need.
I thought it may be a proxy issue; however, the host is able to connect to api.isightpartners.com without an issue.
The app has now been installed for more than a day and the index remains empty. Is there any way to 'debug' an app or view app-specific logs?

0 Karma
1 Solution

ng87
Path Finder

Got it working by changing the script path in inputs.conf (app-specific) to [script://$SPLUNK_HOME\etc\apps\iSIGHTPartners_ThreatScape_App\bin\fetch_indicators.py 15]

0 Karma

ng87
Path Finder

Worth mentioning that my Splunk instance is running on Windows (dev instance).

0 Karma

ng87
Path Finder

I think I tracked down the error in the logs, which appears to be:
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_indicators.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_indicators.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_iocs.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_iocs.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_vulnerabilities.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_vulnerabilities.py 15"

Those scripts it's trying to launch are located in the splunk_home\etc\apps\iSIGHTPartners_ThreatScape_App\bin

I have registered the paths using Splunk's envars command/batch script.

0 Karma
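To answer the "how do I debug this" part of the question, the following added example (not code from the thread or from the app) scans splunkd.log text for the FrameworkUtils/ExecProcessor error pair quoted above and lists each scripted input that was refused. The function name and record fields are hypothetical, and the line format is assumed from the log lines in the post.

```python
import re

# Constructed sample: the six log lines quoted in the thread plus one constructed INFO line.
SAMPLE_LOG = r'''
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_indicators.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_indicators.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_iocs.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_iocs.py 15"
04-04-2017 12:33:05.524 +0100 ERROR FrameworkUtils - Incorrect path to script: .\bin\fetch_vulnerabilities.py. Script must be located inside $SPLUNK_HOME\bin\scripts.
04-04-2017 12:33:05.524 +0100 ERROR ExecProcessor - Ignoring: ".\bin\fetch_vulnerabilities.py 15"
04-04-2017 12:33:06.000 +0100 INFO ExecProcessor - constructed unrelated line
'''

LINE_RE = re.compile(r'^(?P<ts>\S+ \S+ \S+) (?P<level>[A-Z]+)\s+(?P<component>\w+) - (?P<msg>.*)$')
BAD_PATH_RE = re.compile(r'Incorrect path to script: (?P<path>.+?)\. Script must be located inside (?P<required>.+?)\.?$')
IGNORED_RE = re.compile(r'Ignoring: "(?P<cmd>.*)"')
ABSOLUTE_RE = re.compile(r'^(\$SPLUNK_HOME|[A-Za-z]:[\\/]|/)')

def _record(script, ts, required=None, ignored=False):
    # "relative" flags paths like .\bin\x.py, which the thread's fix replaced with $SPLUNK_HOME\...
    return {"script": script, "required_dir": required, "first_seen": ts,
            "ignored": ignored, "args": "", "relative": not ABSOLUTE_RE.match(script)}

def rejected_scripted_inputs(log_text):
    """Return one record per script path that splunkd refused to start."""
    found = {}  # script path -> record, kept in first-seen order
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue
        bad, ign = BAD_PATH_RE.search(m["msg"]), IGNORED_RE.search(m["msg"])
        if m["component"] == "FrameworkUtils" and bad:
            found.setdefault(bad["path"], _record(bad["path"], m["ts"], bad["required"]))
        elif m["component"] == "ExecProcessor" and ign:
            cmd = ign["cmd"]
            # Pair with the longest already-seen path that prefixes the ignored command.
            for path in sorted(found, key=len, reverse=True):
                if cmd == path or cmd.startswith(path + " "):
                    found[path].update(ignored=True, args=cmd[len(path):].strip())
                    break
            else:  # "Ignoring" with no preceding path error: still report it
                found[cmd] = _record(cmd, m["ts"], ignored=True)
    return list(found.values())

if __name__ == "__main__":
    for rec in rejected_scripted_inputs(SAMPLE_LOG):
        print(rec)
```

Every record with `relative` set to true is a candidate for the change described in the accepted solution.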