Re: Threatlist scheme error - unable to initialize...

acadea · ‎06-10-2021

Hello,

There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel features

How can I troubleshoot and solve this ? Is this a python error ?

The effects are the stanzas are not loaded and the Threat Intelligence Management Menu ( Configure > Data Enrichment) is not loaded and it's showing "not found".

See error log below

Thanks for your ideas

acadea · ‎06-10-2021

ok, found it, I'll leave this here if anyone else will ever encounter this:

it's a bug in Splunk Enterprise Security 6.4.0 which is fixed in 6.41.

Check the release notes for 6.4.1

SOLNESS-24926

Threat Intelligence Framework: Setting SPLUNK_DB triggers this error: ValueError: Illegal escape from parent directory "/opt/splunk": /splunkdata/modinputs/threatlist

https://docs.splunk.com/Documentation/ES/6.4.1/RN/FixedIssues

Threatlist scheme error - unable to initialize modular input

troubleshooting

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation