Splunk Enterprise Security

Threat intelligence issue

Alan_Chan000

After reviewing the Intelligence Audit Events, the following error message shows up. It seems that the feed cannot write to intel. Any idea?

2022-01-20 09:24:09,703+0000 ERROR pid=28186 tid=MainThread file=threat_intelligence_manager.py:process:432 | status="Error when writing output - threat intelligence may be incomplete." filename="/opt/splunk/etc/apps/SA-ThreatIntelligence/local/data/threat_intel/2022-01-18T11-23-26.053064.xml"
Traceback (most recent call last):
File "/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/threat_intelligence_manager.py", line 427, in process
self.write_output(filename, metadata, intel)
File "/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/bin/threat_intelligence_manager.py", line 497, in write_output
time_field='time'
File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/kvstore.py", line 150, in batch_create
response, content = splunk.rest.simpleRequest(uri, sessionKey=session_key, jsonargs=json.dumps(records))
File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/__init__.py", line 500, in simpleRequest
raise splunk.SplunkdConnectionException('Error connecting to %s: %s' % (path, str(e)))
SplunkdConnectionException: Splunkd daemon is not responding: ("Error connecting to /servicesNS/nobody/DA-ESS-ThreatIntelligence/storage/collections/data/threat_group_intel/batch_save: ('The read operation timed out',)",)
