Hello Splunk Community,

I'm currently facing an issue with integrating Group-IB threat intelligence feeds into my Splunk environment and could really use some assistance.

Here's a brief overview of the problem:

1. Inconsistent Sourcetype Ingestion: Upon integrating the Group-IB threat intel feeds and installing the corresponding app on my Search Head, I've noticed inconsistent behavior in terms of sourcetype ingestion. Sometimes only one sourcetype is ingested, while other times it's five or seven. This variability is puzzling, and I'm not sure what's causing it.

2. Ingestion Interruption: Additionally, after a few days of seemingly normal ingestion, I observed that the ingestion process stopped abruptly. Upon investigating further, I found the following message in the logs:

*Health Check msg="A script exited abnormally with exit status 1" input="opt/splunk/etc/apps/gib_tia/bin/gib_tia.py" stanza = "xxx"*

This message indicates that the intelligence downloads of a specific sourcetype have failed on the host.

This issue is critical for our security operations, and I'm struggling to identify and resolve the root cause. If anyone has encountered similar challenges or has insights into troubleshooting such issues with threat intel feed integrations, I would greatly appreciate your assistance.

Thanks in advance,