Getting error “Connect to 127.0.0.1:9999 failed. Connection refused” when I start the Kaspersky Threat Feed App for Splunk

xtlyk
New Member

Hi everyone,

I have installed the Kaspersky Threat Feed App for Splunk, but I'm getting the error:

Connect to 127.0.0.1:9999 failed. Connection refused 

in splunkd.log. I can't see any data in Splunk Web.
Can you help me? Thank you

0 Karma

KasperskyLab
New Member

Hello, xtlyk!

Miteshvohra is right!
Please contact Kaspersky Lab to get Kaspersky Threat Feed Service (KTFS) and access to Threat Intelligence Data Feeds: https://www.kaspersky.com/enterprise-security/intelligence-services

You got this error because Kaspersky Threat Feed App for Splunk requires KTFS to be launched on your Linux system.

Please let us know if you have any questions.
Thank you!

0 Karma

miteshp250283
Path Finder

@KasperskyLab: Any plans to release a working copy of app including the scripts and sample data?

We have prospective customers who are looking for Kaspersky TDF and Splunk Enterprise Security integration.

I would appreciate it if you could upload the full version to Splunkbase.

Thanks, Mitesh.

0 Karma

KasperskyLab
New Member

Hello Mitesh,

Please note that according to Splunkbase guidelines, we can’t upload any binary (such as Kaspersky Threat Feed Service) other than the App for Splunk. Thus, please contact our team responsible for security services – intelligence@kaspersky.com (please specify you are from Splunkbase). They will provide you with the full package to integrate Kaspersky Threat Data Feeds with Splunk.
Feel free to ask any questions you have.

Thank you in advance.
Best regards, Kaspersky Lab.

0 Karma

miteshvohra
Contributor
  1. The documentation of the App states: BEFORE YOU START USING THE APPLICATION, PLEASE CONTACT KASPERSKY LAB TO GET KASPERSKY THREAT FEED SERVICE AND ACCESS TO KASPERSKY THREAT INTELLIGENCE DATA FEEDS.

Kindly reach out to anyone in Kaspersky Lab team in your region for obtaining trial access to the feed service.

  2. Kaspersky Threat Feed App for Splunk and Feed Service have the following system requirements.

Supported operating systems: Linux x64
Software requirements: Splunk 6.2+ & Python 2.6, 2.7

Source URL: https://help.kaspersky.com/KFS/1.0/en-EN/98426.htm

Make sure your system meets the stated requirements.

Please share your experience.

Mitesh.
