Splunk Enterprise

Error Messages on CISA Taxii Input

OiskyPoisky
Explorer

Evening All,

Have been working on setting up a Taxii feed pulling observables in from CISA/DHS however seem to be encountering the following error message which looks like an SSL error:

ssl.SSLError: [SSL] PEM lib (_ssl.c:3954)

I've been digging around but cant seem to find much on this exact error code. Cert and Key files  are defined correctly as we use those same cert/key files in a separate technology "MineMeld" which is working as expected. Those files are uploaded into the credential manager and documentation followed under the  https://docs.splunk.com/Documentation/ES/6.5.0/Admin/Downloadthreatfeed link.

2021-05-04 19:38:06,931+0000 ERROR pid=16982 tid=MainThread file=threatlist.py:download_taxii:473 | [SSL] PEM lib (_ssl.c:3954) Traceback (most recent call last): File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 436, in download_taxii taxii_message = handler.run(args, handler_args) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/taxii_client/__init__.py", line 171, in run return self._poll_taxii_11(parsed_args) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/taxii_client/__init__.py", line 81, in _poll_taxii_11 http_resp = client.call_taxii_service2(args.get('url'), args.get('service'), tm11.VID_TAXII_XML_11, poll_xml, port=args.get('port'), timeout=args['timeout']) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/contrib/libtaxii/clients.py", line 344, in call_taxii_service2 response = urllib.request.urlopen(req, timeout=timeout) File "/opt/splunk/lib/python3.7/urllib/request.py", line 222, in urlopen return opener.open(url, data, timeout) File "/opt/splunk/lib/python3.7/urllib/request.py", line 525, in open response = self._open(req, data) File "/opt/splunk/lib/python3.7/urllib/request.py", line 543, in _open '_open', req) File "/opt/splunk/lib/python3.7/urllib/request.py", line 503, in _call_chain result = func(*args) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/contrib/libtaxii/clients.py", line 374, in https_open return self.do_open(self.get_connection, req) File "/opt/splunk/lib/python3.7/urllib/request.py", line 1318, in do_open h = http_class(host, timeout=req.timeout, **http_conn_args) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/contrib/libtaxii/clients.py", line 382, in get_connection key_password=self.key_password) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/contrib/libtaxii/clients.py", line 437, in __init__ cert_file, key_file, password=key_password) ssl.SSLError: [SSL] PEM lib (_ssl.c:3954)

Any thoughts on what this could be at all?

 

Cheers,

Tom

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...