Splunk Enterprise Security

Threat Intelligence custom feed error

comantxe
New Member

Hello,

I just configured a new Custom Threat Intelligence feed in Splunk Enterprise Security and I'm getting a strange error in the audit view:

2021-11-24 10:31:04,387+0000 ERROR pid=78967 tid=MainThread file=base_modinput.py:execute:820 | Execution failed: 'ThreatlistModularInput' object has no attribute 'file_path'
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 811, in execute
    log_exception_and_continue=True
  File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 388, in do_run
    self.run(stanza)
  File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 679, in run
    self.execute_workloads(stanza, args, last_run)
  File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 587, in execute_workloads
    'file_path': self.file_path,
AttributeError: 'ThreatlistModularInput' object has no attribute 'file_path'

The URL of the feed is: https://api.maltiverse.com/collection/uYxZknEB8jmkCY9eQoUJ/download?filetype=splunk-ipv4&token=eyJ0e...

And as you can notice, it is a CSV where column 1 is the description and the second is the IP address, so I filled in the form in the Threat Intelligence module in Splunk ES with the following format:

Field                           Value

File parser                     auto
Delimiting regular expression   ,
Extracting regular expression
Fields                          description:$1,ip:$2
Ignoring regular expression     (^#|^\s*$)
Skip header lines               1
Intelligence file encoding      UTF8
Sinkhole                        Yes

 

Can anybody help me out?

Thanks in advance
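
The field mapping described in the post can be checked offline against a sample of the feed. The following is an added example, not part of the original post and not Splunk's parser: it approximates how the form settings apply to a CSV, and the sample feed, function names and the order of header skipping versus the ignore regex are assumptions made for illustration.

```python
import ipaddress
import re

# Settings copied from the form in the post.
DELIM_REGEX = r","
FIELDS = "description:$1,ip:$2"
IGNORE_REGEX = r"(^#|^\s*$)"
SKIP_HEADER_LINES = 1

# Constructed sample feed (documentation-range addresses), not real feed data.
SAMPLE_FEED = """description,ip
# constructed comment line
Constructed malicious host,192.0.2.10

Constructed scanner,198.51.100.7
Constructed, comma in description,203.0.113.5
"""


def parse_fields_spec(spec):
    """Turn 'description:$1,ip:$2' into {'description': 0, 'ip': 1}."""
    mapping = {}
    for item in spec.split(","):
        name, ref = item.split(":", 1)
        mapping[name.strip()] = int(ref.strip().lstrip("$")) - 1
    return mapping


def check_feed(text):
    """Return (rows, problems) for the feed text under the settings above."""
    mapping = parse_fields_spec(FIELDS)
    ignore = re.compile(IGNORE_REGEX)
    rows, problems = [], []
    # Assumption: header lines are dropped first, then the ignore regex applies.
    lines = text.splitlines()[SKIP_HEADER_LINES:]
    for lineno, line in enumerate(lines, start=SKIP_HEADER_LINES + 1):
        if ignore.search(line):
            continue
        columns = re.split(DELIM_REGEX, line)
        if len(columns) <= max(mapping.values()):
            problems.append((lineno, "too few columns"))
            continue
        row = {name: columns[idx].strip() for name, idx in mapping.items()}
        try:
            ipaddress.ip_address(row["ip"])
            rows.append(row)
        except ValueError:
            problems.append((lineno, f"ip field is not an address: {row['ip']!r}"))
    return rows, problems
```

A description that itself contains a comma shifts the address out of $2, which the check reports as an invalid ip field for that line.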
