Splunk Enterprise Security

Threat Intelligence custom feed error

comantxe
New Member

Hello,

I just configured a new Custom Threat Intelligence feed in Splunk Enterprise Security and I'm getting a strange error in the audit view:

2021-11-24 10:31:04,387+0000 ERROR pid=78967 tid=MainThread file=base_modinput.py:execute:820 | Execution failed: 'ThreatlistModularInput' object has no attribute 'file_path' Traceback (most recent call last): File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 811, in execute log_exception_and_continue=True File "/opt/splunk/etc/apps/SA-Utils/lib/SolnCommon/modinput/base_modinput.py", line 388, in do_run self.run(stanza) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 679, in run self.execute_workloads(stanza, args, last_run) File "/opt/splunk/etc/apps/SA-ThreatIntelligence/bin/threatlist.py", line 587, in execute_workloads 'file_path': self.file_path, AttributeError: 'ThreatlistModularInput' object has no attribute 'file_path'

The URL of the feed is :https://api.maltiverse.com/collection/uYxZknEB8jmkCY9eQoUJ/download?filetype=splunk-ipv4&token=eyJ0e...

And as you can notice it is a CSV where column 1 is the description and the second is the IP address, so filling up the formulary in the Threat Intelligence module in Splunk ES with the following format:

Field Value

File parserauto
Delimiting regular expression,
Extracting regular expression 
Fieldsdescription:$1,ip:$2
Ignorign regular expression(^#|^\s*$)
Skip header lines1
Intelligence file encodingUTF8
SinkholeYes

 

Can anybody help me out?

Thanks in advance

Labels (2)
0 Karma
Get Updates on the Splunk Community!

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...