×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
joni73
Explorer
Member since: ‎03-23-2014
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎03-23-2014
Activity Feed
View All

Re: Optiv Threat Intel: After initial configuratio...

by in Getting Data In
‎12-05-2016 11:43 AM
‎12-05-2016 11:43 AM
FYI this error is still there (for me at least) in v. 3.20 ... View more

Re: Optiv Treat Intel Splash only two lists get po...

by in All Apps and Add-ons
‎11-25-2016 03:35 AM
‎11-25-2016 03:35 AM
One note, if you are working on a new release, I too have the problems mentioned in this thread (https://answers.splunk.com/answers/439382/optiv-threat-intel-after-initial-configuration-get.html). I am able to use the workaround mentioned, by modifying the conf files directly, but It isn't possible to modify this through the Splunk GUI (the changes from the config files aren't shown in the GUI either). This is just FYI 🐵 Have a nice weekend. ... View more

Re: Optiv Treat Intel Splash only two lists get po...

by in All Apps and Add-ons
‎11-25-2016 12:07 AM
‎11-25-2016 12:07 AM
Thank you very much. This did indeed help 🐵 As you can see, it now populates most fields. Off course the AlienVault isn't working. Strangely enough the Binary Defence isn't, but I'll give the splunk search a look. Again, thank you for your help. ... View more

Optiv Treat Intel Splash only two lists get popula...

by in All Apps and Add-ons
‎11-24-2016 12:40 PM
1 Karma
‎11-24-2016 12:40 PM
1 Karma
Hi all Well I guess a picture says more than a thousand words, so I will try to show you the problem. As you Malc0de and Emerging Threats get populated. The others have an N/A. If I look in the troubleshooting logs, I'll see this: [] Script Started at: 11-24-2016 12:42:35 GMT [] Script version: 3.00 URL: http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt Finished retrieving 818 IPs from SpamHaus. Finished retrieving 23 IPs from Dshield. Finished retrieving 716 IPs from Feodo. URL: http://rules.emergingthreats.net/blockrules/compromised-ips.txt Finished retrieving 1423 Emerging Threats Compromised IPs. URL: http://www.binarydefense.com/banlist.txt Finished retrieving 4336 IPs from Binary Defense. URL: http://malc0de.com/bl/IP_Blacklist.txt Finished retrieving 262 malc0de_IPs. URL: https://reputation.alienvault.com/reputation.generic Forbidden Access denied! [*] Executing get alerts script. If I try to run the optiv_threat_lists.py manually, I'll get this: /opt/splunk/etc/apps/optiv_threat_intel/bin# ./optiv_threat_lists.py logfile_name: /opt/splunk/var/log/splunk/optiv_threat_lists_script11-24-2016-20-29-58.log [*] Script Started at: 11-24-2016 20:29:58 GMT [*] Script version: 3.00 URL: http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt Finished retrieving 818 IPs from SpamHaus. Finished retrieving 23 IPs from Dshield. Finished retrieving 716 IPs from Feodo. URL: http://rules.emergingthreats.net/blockrules/compromised-ips.txt Finished retrieving 1423 Emerging Threats Compromised IPs. URL: http://www.binarydefense.com/banlist.txt Finished retrieving 4370 IPs from Binary Defense. URL: http://malc0de.com/bl/IP_Blacklist.txt Finished retrieving 255 malc0de_IPs. URL: https://reputation.alienvault.com/reputation.generic Forbidden Access denied! Traceback (most recent call last): File "./optiv_threat_lists.py", line 883, in main() File "./optiv_threat_lists.py", line 817, in main parseAlienVault(raw_threatlist) File "./optiv_threat_lists.py", line 703, in parseAlienVault AlienVaultIPs = urlResults.split('# Generic format') AttributeError: 'int' object has no attribute 'split' Any help would be appreciated. Thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All