Security

Getting error “Connect to 127.0.0.1:9999 failed. Connection refused” when I start the Kaspersky Threat Feed App for Splunk

xtlyk
New Member

Hi everyone,

I have installed the Kaspersky Threat Feed App for Splunk, but I'm getting this error:

Connect to 127.0.0.1:9999 failed. Connection refused 

in splunkd.log. I can't see any data in Splunk Web.
Can you help me? Thank you

0 Karma

KasperskyLab
New Member

Hello, xtlyk!

Miteshvohra is right!
Please contact Kaspersky Lab to get Kaspersky Threat Feed Service (KTFS) and access to Threat Intelligence Data Feeds: https://www.kaspersky.com/enterprise-security/intelligence-services

The reason you got this error is that the Kaspersky Threat Feed App for Splunk requires KTFS to be launched on your Linux system.

Please let us know if you have any questions.
Thank you!

0 Karma

miteshp250283
Path Finder

@KasperskyLab: Any plans to release a working copy of app including the scripts and sample data?

We have prospective customers who are looking for Kaspersky TDF and Splunk Enterprise Security integration.

I would appreciate it if you could upload the full version to Splunkbase.

Thanks, Mitesh.

0 Karma

KasperskyLab
New Member

Hello Mitesh,

Please note that according to Splunkbase guidelines, we can’t upload any binary (such as Kaspersky Threat Feed Service) other than the App for Splunk. Thus, please contact our team responsible for security services – intelligence@kaspersky.com (please specify you are from Splunkbase). They will provide you with the full package to integrate Kaspersky Threat Data Feeds with Splunk.
Feel free to ask any questions you have.

Thank you in advance.
Best regards, Kaspersky Lab.

0 Karma

miteshvohra
Contributor
  1. The documentation of the App states: BEFORE YOU START USING THE APPLICATION, PLEASE CONTACT KASPERSKY LAB TO GET KASPERSKY THREAT FEED SERVICE AND ACCESS TO KASPERSKY THREAT INTELLIGENCE DATA FEEDS.

Kindly reach out to anyone in Kaspersky Lab team in your region for obtaining trial access to the feed service.

  2. Kaspersky Threat Feed App for Splunk and Feed Service have the following system requirements.

Supported operating systems: Linux x64
Software requirements: Splunk 6.2+ & Python 2.6, 2.7

Source URL: https://help.kaspersky.com/KFS/1.0/en-EN/98426.htm

Make sure your system meets the stated requirements.

Please share your experience.

Mitesh.
