Getting error 'No module named Crypto.Cipher' in P...

santosh_sshanbh · ‎03-26-2019

I have created a custom alert action which calls a Python script. The script uses Crypto.Cipher library to encrypt/decrypt sting data.

When I run the script from Spyder IDE, it works fine and returns expected result. However, when the same script runs from Splunk it gives below error

03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - Traceback (most recent call last):
03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - File "F:\Program Files\Splunk\etc\apps\alert_test\bin\test.py", line 5, in
03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - from Crypto.Cipher import AES
03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - ImportError: No module named Crypto.Cipher
03-26-2019 13:06:03.205 +0000 INFO sendmodalert - action=test - Alert action script completed in duration=778 ms with exit code=1
03-26-2019 13:06:03.205 +0000 WARN sendmodalert - action=test - Alert action script returned error code=1

I have below code in the python script

from Crypto.Cipher import AES
import base64

nickhills · ‎03-26-2019

Splunk has its own Python executable and libraries.
If you are using custom libs you need to copy these into your application's /bin directory so the Splunk Python can load them

If my comment helps, please give it a thumbs up!

santosh_sshanbh · ‎03-26-2019

I am using pycrypto library which can be downloaded from https://www.dlitz.net/software/pycrypto/

However, the download contains multiple files, directories. Do I need to keep all of them in my custom apps bin directory?

Getting error 'No module named Crypto.Cipher' in Python script

Modern way of developing distributed application using OTel

Enterprise Security Content Update (ESCU) | New Releases

Archived Metrics Now Available for APAC and EMEA realms