


Sorry to hear you are having trouble with the TA. I am the developer of this Add-on, so hopefully I can help you out. As I have not encountered this issue previously, could you provide me with some more details about your environment to help me diagnose this problem?

Whether the Splunk instance you installed it on is Splunk Cloud or on-premises
Search Head, Indexer, Heavy Forwarder, All-In-One)
Does your environment require a proxy to call out to the internet

The error you got would indicate that there may be a connectivity issue (maybe a firewall?) preventing the TA from connecting to the VirusTotal API endpoints. But if you are using version 2.0.0 (which is fairly new), it is also possible there is a connectivity bug somewhere that my testing didn't catch. Any information you are able to provide will go a long way to helping me find the issue.

So, the TA is installed on Splunk ES (cloud - Version:7.2.7.4) instance which is throwing the following error messages:

The limit has been reached for log messages in info.csv. 13 messages have not been written to info.csv. Refer to search.log for these messages or nf to configure this limit.
HTTPError at "/opt/splunk/var/run/searchpeers/-1568379893/apps/TA-VirusTotal/bin/splunklib/binding.py", line 1228 : HTTP 404 Not Found - Application does not exist: TA-VirusTotal

Then I installed it on my test Splunk SH (Splunk Enterprise Version:ħ.3.1) where I was getting the following "Unexpected error when querying VirusTotal API: HTTPSConnectionPool(host=' port=443): Max retries exceeded with url: /vtapi/v2/file/report?. (Caused by : No connection could be made because the target machine actively refused it)". I am yet to test it from my home network. Interestingly, I was told by a teammate that we are not allowed to make any http/https connection from Splunk cloud / ES app as it is paid and expensive. We are now in the process of testing it in any of our intermediate forwarders.

So "Application does not exist: TA-VirusTotal" is a known issue (although I had only ever seen it affect Splunk versions <7.0). Basically, what's happening is that the indexers are trying to use the "| virustotal" command as a StreamingCommand. As such, they try to find a local copy and execute it.
