Splunk Enterprise Security

Recorded future app missing session key

jerm1020rq
Explorer

When searching for sourcetype=recorded future IOCS, i receive the following error. I updated the API key and that fixed the issue of not being able to authenticate but now I am receiving this error. Is there somewhere within the config i need to stop the script from being started via Command line?

No session key was provided by the Splunk server. This can happen if the script is started from the command line which is not supported.
Traceback (most recent call last):
File "/opt/splunk/etc/apps/TA-recorded_future/bin/get-rf-threatlists.py", line 186, in main
session_key = rf_splunk.api_key.get_session_key()
File "/opt/splunk/etc/apps/TA-recorded_future/bin/rf_splunk/api_key.py", line 85, in get_session_key
raise MissingSessionKeyError('No session key was provided by the '
MissingSessionKeyError: No session key was provided by the Splunk server. This can happen if the script is started from the command line which is not supported.

0 Karma

ess
New Member

There is not enough data here to analyze the issue. Please open a support ticket through your support channel at Recorded Future.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...