Hi, I have the same issue: have you ever solved the problem?   Thanks Marta ... View more

@dpreston31 wrote: Did some research and found out that automating VirusTotal lookups is restricted to 4 lookups per minute. Both via VirusTotal Checker's method of appending hashes o a virustotal.com search URL, and via the VT Public API 2.0 access. https://www.virustotal.com/en/documentation/public-api/#getting-ip-reports  Explains why in the screenshots he limited the search to 10 events "head 10". Which by the way, successfully works and retrieves VT results only after I go to VirusTotal.com and do the CAPTCHA. i also wanna know why in the screenshots he limited the search to 10 events "head 10" ... View more

Hi, when I added it to my dashboard, the table doesn't show any results, it says "Search is waiting for input..." ... View more

I just figured out this for our configurations.... basically the inputs were under a different app context... I went into each input we had setup and changed it back to the DB Connect app. ... View more

@cusello Can you provide specific location for apps and addons to be present for single instance deployment and for first time.? ... View more

Check if you have required app installed on Splunk Cloud search-head, looks you are referring to VirusTotal Malware Lookup for Splunk: https://splunkbase.splunk.com/app/4283 If not, raise a request for Splunk support for app installation. ... View more

I had our O365 admin use his Admin acct to auth in an incognito window after hitting add. It then has the admin prompt for the access the API/app needs, hit ok... splunk app then adds fine. ... View more

since this app looks to be abandoned - see this one... seems pretty good. https://splunkbase.splunk.com/app/2895/#/details ... View more

A thousand times.... THANK YOU. Followed your steps and the OSSEC agent Management piece is working again now!!!!! ... View more