Re: Getting error 'No module named Crypto.Cipher' ...

santosh_sshanbh · ‎03-26-2019

I have created a custom alert action which calls a Python script. The script uses Crypto.Cipher library to encrypt/decrypt sting data.

When I run the script from Spyder IDE, it works fine and returns expected result. However, when the same script runs from Splunk it gives below error

03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - Traceback (most recent call last):
03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - File "F:\Program Files\Splunk\etc\apps\alert_test\bin\test.py", line 5, in
03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - from Crypto.Cipher import AES
03-26-2019 13:06:02.949 +0000 ERROR sendmodalert - action=test STDERR - ImportError: No module named Crypto.Cipher
03-26-2019 13:06:03.205 +0000 INFO sendmodalert - action=test - Alert action script completed in duration=778 ms with exit code=1
03-26-2019 13:06:03.205 +0000 WARN sendmodalert - action=test - Alert action script returned error code=1

I have below code in the python script

from Crypto.Cipher import AES
import base64

nickhills · ‎03-26-2019

Splunk has its own Python executable and libraries.
If you are using custom libs you need to copy these into your application's /bin directory so the Splunk Python can load them

If my comment helps, please give it a thumbs up!

santosh_sshanbh · ‎03-26-2019

I am using pycrypto library which can be downloaded from https://www.dlitz.net/software/pycrypto/

However, the download contains multiple files, directories. Do I need to keep all of them in my custom apps bin directory?

Getting error 'No module named Crypto.Cipher' in Python script

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector