Optiv Threat Intel: Why are there no logs formed?

antifreke · ‎02-16-2017

I am having some difficulty with the OpTiv Threat Intel app and am troubleshooting why there are no logs formed. I have minimal data in the troubleshooting section that gives me the following 3 lines:

[*] Starting python threat list script. 
[*] Starting python get alerts script.
[*] Looking for old log files to clear.

I've changed these over to the full path for the Windows machine:

./bin/getalerts.py:38: splunk_home = '/opt/splunk' 
./bin/starter_script.sh:5:THREAT_SCRIPT_PATH="/opt/splunk/etc/apps/optiv_threat_intel/bin/optiv_threat_lists.py" 
./bin/starter_script.sh:6:RSS_SCRIPT_PATH="/opt/splunk/etc/apps/optiv_threat_intel/bin/getalerts.py" 
./bin/starter_script.sh:7:#LOG_FOLDER="/opt/splunk/etc/apps/optiv_threat_intel/bin/" 
./bin/starter_script.sh:8:LOG_FOLDER="/opt/splunk/var/log/splunk/" 
./bin/starter_script.sh:9:PYTHON="/opt/splunk/bin/splunk cmd python" 
./bin/optiv_threat_lists.py:64: splunk_home = '/opt/splunk'

Reset and reloaded, and nothing populates. I've uninstalled and done a clean reinstall with the same results. There are no log files created in the var/log directory to assist with trouble shooting. Any help would be greatly appreciated.

derekarnold · ‎02-17-2017

There are four files to edit when using a different file path. See this other thread please:

https://answers.splunk.com/answers/374894/how-to-configure-the-optiv-threat-intel-app-on-win.html

Specifically the BAT file listed is what you'll need the path corrected.

Optiv Threat Intel: Why are there no logs formed?

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout