Hi Tomasz, thanks for jumping in. So, the TA is installed on a Splunk ES (Cloud, Version 7.2.7.4) instance, which is throwing the following error messages:
The limit has been reached for log messages in info.csv. 13 messages have not been written to info.csv. Refer to search.log for these messages or limits.conf to configure this limit.
[idx-i-0164f585a5c92c18a.merck.splunkcloud.com] HTTPError at "/opt/splunk/var/run/searchpeers/sh-i-051e06f061f25a5b1.merck.splunkcloud.com-1568379893/apps/TA-VirusTotal/bin/splunklib/binding.py", line 1228 : HTTP 404 Not Found -- Application does not exist: TA-VirusTotal
[idx-i-016d50225de4df6a6.merck.splunkcloud.com] HTTPError at "/opt/splunk/var/run/searchpeers/sh-i-051e06f061f25a5b1.merck.splunkcloud.com-1568379893/apps/TA-VirusTotal/bin/splunklib/binding.py", line 1228 : HTTP 404 Not Found -- Application does not exist: TA-VirusTotal
Then I installed it on my test Splunk SH (Splunk Enterprise Version 7.3.1), where I was getting the following error: "Unexpected error when querying VirusTotal API: HTTPSConnectionPool(host='www.virustotal.com', port=443): Max retries exceeded with url: /vtapi/v2/file/report?.... (Caused by : [Errno 10061] No connection could be made because the target machine actively refused it)".
I am yet to test it from my home network. Interestingly, I was told by a teammate that we are not allowed to make any http/https connections from the Splunk Cloud / ES app, as it is paid and expensive. We are now in the process of testing it on one of our intermediate forwarders.