×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
smaat11
Explorer
Member since: ‎03-30-2017
‎06-05-2020
Community Statistics
Posts 6
Solutions 1
Karma Given 0
Karma Received 3
Member Since ‎03-30-2017
Activity Feed
View All

Re: Symantec Cloud Scripted Input

by in Getting Data In
‎04-11-2018 07:09 AM
2 Karma
‎04-11-2018 07:09 AM
2 Karma
Finally got back to working on this... Still new to Splunk, Python and the Symantec Cloud app, but it appeared like the Symantec instructions were written more for a Linux implementation of Splunk.... Anyway, I partially got this to work by: (1) Upgrading to Splunk 7.03 (2) Downloading/Copying the Dateutil library into the \bin\scripts directory (3) Changing the Path variable to the SEPConfig.Ini file in the ExportClient.py script. OLD r3_url = "https://usea1.r3.securitycloud.symantec.com/r3_epmp_i" oauth_url = "/oauth2/tokens" export_api = "/sccs/v1/events/export" CONFIG_INI = os.path.join('/Applications/Splunk/', 'bin', 'scripts', 'SEPCloudConfig.ini') NEW ## Full path to my Splunk installation MySplunk_Home = 'C:\Program Files\Splunk' r3_url = "https://usea1.r3.securitycloud.symantec.com/r3_epmp_i" oauth_url = "/oauth2/tokens" export_api = "/sccs/v1/events/export" CONFIG_INI = os.path.join(MySplunk_Home, 'bin', 'scripts', 'SEPCloudConfig.ini') (4) Changing the Scripted Input to reference the actual ExportClient.py script instead of the Wrapper.sh file provided by Symantec. ... View more

Re: Does the FortiGate addon work with the new Spl...

by in All Apps and Add-ons
‎04-11-2018 06:56 AM
‎04-11-2018 06:56 AM
Thanks for the info. I will give that a try and let you know if it works out. ... View more

Re: Does the FortiGate addon work with the new Spl...

by in All Apps and Add-ons
‎04-11-2018 06:55 AM
‎04-11-2018 06:55 AM
Small single server implementation at the moment, so yes both Security Essentials and Fortigate add-on are installed on the search head. ... View more

Does the FortiGate addon work with the new Splunk ...

by in All Apps and Add-ons
‎04-10-2018 02:22 PM
‎04-10-2018 02:22 PM
Will the Fortigate Addon work with the new Splunk Security Essentials App (v2.1) out of the box or will I need to make additional customizations to get things working? I am thinking it's the latter since the use case for Basic Scanning shows the requirement "Must have Firewall Data" is satisfied for live data (Green Check), but the requirement "Must have a dest_ip and dest_port field" is not meeting requirements of the app (red exclimation). ... View more

Re: Symantec Cloud Scripted Input

by in Getting Data In
‎03-27-2018 02:29 PM
‎03-27-2018 02:29 PM
Went and coped the dateutil library to the /Applications/Splunk/bin/scripts/ directory, and tried re-running ExportClient.py script from the command line. THis time received the following error: C:\Program Files\Splunk\bin>splunk cmd python scripts\ExportClient.py Traceback (most recent call last): File "scripts\ExportClient.py", line 8, in <module> import dateutil.parser File "C:\Program Files\Splunk\bin\scripts\dateutil\parser\__init__.py", line 2 , in <module> from ._parser import parse, parser, parserinfo File "C:\Program Files\Splunk\bin\scripts\dateutil\parser\_parser.py", line 42 , in <module> import six ImportError: No module named six My guess is the Symantec Documentation is making an assumption on what python modules are installed since now it can't seem to find "six". I am running Splunk Enterprise is 6.6.1. is there difference in the python that is included with version 7 ? ... View more

Symantec Cloud Scripted Input

by in Getting Data In
‎03-27-2018 01:56 PM
1 Karma
‎03-27-2018 01:56 PM
1 Karma
Evaluating Symantec EndPoint Protection Cloud product which has a technote for getting events into Splunk Enterprise running on a Windows Server. Created a scripted input per the Symantec Technote Symantec Technote however I get the following error in SPLUNKD.log ERROR ExecProcessor - Couldn't start command ""C:\Program Files\Splunk\bin\scripts\wrapper.sh"": FormatMessage was unable to decode error (193), (0xc1) The scripted input uses a wrapper (wrapper.sh) for calling a python script. Contents of the wrapper.sh file are #!/bin/bash /usr/bin/python /Applications/Splunk/bin/scripts/ExportClient.py If I try and execute the actual python script (ExportClient.py) from the command line I get the following error: C:\Program Files\Splunk\bin>splunk cmd python scripts\ExportClient.py Traceback (most recent call last): File "scripts\ExportClient.py", line 8, in import dateutil.parser ImportError: No module named dateutil.parser Any help is appreciated. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All