Working on configuring Enterprise Security and need a hand with New Domain Analysis Dashboard. Here's whats up:
My hunch is that whatever mechanism that calls the "whois" doesn't work correctly. I went into "SA-NetworkProtection\bin" and chmoded all the python files to execute. Permissions look right.
The problem (I think) is that my ES search head has no internet access. Pretty sure I need to open up the mechanism that makes the whois work. Any advice on this? Documentation? Instructions?
As always, thanks in advance!
Search for "whois" at http://docs.splunk.com/Documentation/ES/3.2/Install/AdvancedThreatdashboards
You need to sign up for another service at domaintools at a minimum it looks like.
Any luck with a fix?