Splunk Enterprise Security

threat intelligence upload not working too

saraomd93
Explorer

I get this error when I upload a CSV file with 2 columns that include an ID number and a malicious domain, but when I go to the threat intelligence audit I see this error:

2023-11-06 13:15:52,655+0000 WARNING pid=3558172 tid=MainThread file=add_threat_workload.py:_sinkhole_file:151 | status="Sinkholing of local files is not allowed" stanza="8

and 

2023-11-06 13:16:22,699+0000 ERROR pid=3558172 tid=MainThread file=base_modinput.py:execute:820 | Execution failed: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/SA-ThreatIntelligence/storage/collections/data/threat_intel_meta2/batch_save: The read operation timed out',)
Traceback (most recent call last):
File "/Splunk-db/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 567, in simpleRequest
serverResponse, serverContent = h.request(uri, method, headers=headers, body=payload)
File "/Splunk-db/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1968, in request
cachekey,
File "/Splunk-db/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1626, in _request
conn, request_uri, method, body, headers
File "/Splunk-db/splunk/lib/python3.7/site-packages/httplib2/__init__.py", line 1564, in _conn_request
response = conn.getresponse()
File "/Splunk-db/splunk/lib/python3.7/http/client.py", line 1373, in getresponse
response.begin()
File "/Splunk-db/splunk/lib/python3.7/http/client.py", line 319, in begin
version, status, reason = self._read_status()
File "/Splunk-db/splunk/lib/python3.7/http/client.py", line 280, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/Splunk-db/splunk/lib/python3.7/socket.py", line 589, in readinto
return self._sock.recv_into(b)
File "/Splunk-db/splunk/lib/python3.7/ssl.py", line 1079, in recv_into
return self.read(nbytes, buffer)
File "/Splunk-db/splunk/lib/python3.7/ssl.py", line 937, in read
return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Splunk-db/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 811, in execute
log_exception_and_continue=True
File "/Splunk-db/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 388, in do_run
self.run(stanza)
File "/Splunk-db/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 709, in run
logger=self.logger
File "/Splunk-db/splunk/etc/apps/SA-ThreatIntelligence/bin/threat_utils/utils.py", line 181, in set_threat_intel_meta
options
File "/Splunk-db/splunk/etc/apps/SA-Utils/lib/SolnCommon/kvstore.py", line 186, in batch_create
uri, sessionKey=session_key, jsonargs=json.dumps(records))
File "/Splunk-db/splunk/lib/python3.7/site-packages/splunk/rest/__init__.py", line 579, in simpleRequest
raise splunk.SplunkdConnectionException('Error connecting to %s: %s' % (path, str(e)))
splunk.SplunkdConnectionException: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/SA-ThreatIntelligence/storage/collections/data/threat_intel_meta2/batch_save: The read operation timed out',)
