Re: After adding a threatlist it gives me an error...

saurabhsumangat · ‎05-14-2019

I have added a threat feed from abuse.ch
after adding it shows me the error "threat list could not be written to disk" on Audit threat intelligence page.

i have checked the error and says:

tanza="Abuse" status="threat list could not be written to disk" Traceback (most recent call last): File "\Splunk\etc\apps\SA-ThreatIntelligence\bin\threatlist.py", line 366, in download_csv shutil.move(temp_checkpoint_filehandle.name, args['target_filename']) File "\Splunk\Python-2.7\Lib\shutil.py", line 316, in move copy2(src, real_dst) File "\Splunk\Python-2.7\Lib\shutil.py", line 144, in copy2 copyfile(src, dst) File "\Splunk\Python-2.7\Lib\shutil.py", line 96, in copyfile with open(src, 'rb') as fsrc: IOError: [Errno 13] Permission denied: u:\splunk\modinputs\threatlist\Abuse.txt

But it says downloaded:

tid=MainThread file=threatlist.py:download_csv:360 | stanza="Abuse" retries_remaining="3" status="threat list downloaded" file="\Splunk\var\lib\splunk\modinputs\threatlist\Abuse.txt" bytes="5746" url="https://feodotracker.abuse.ch/downloads/ip.txt"

Someone please help me with the steps to be followed.

nizami · ‎07-02-2020

Hello.

Where you able to solve this issue. I am having the same problem.

After adding a threatlist it gives me an error "threat list could not be written to disk"

What’s New in Splunk Cloud Platform 9.1.2308?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk