Hi @andrew_garvin I am facing the same issue, where I have 2 data poller scripts in the add-on. One is getting triggered by interval but the other is not. I have tried correcting the order of my local/input.conf; it is still not working as expected. Can you please suggest what could be wrong? Below is my config for the script which is having the issue.
[digital_shadows_threat_intelligence://tes_IOC]
global_account = vitthal
interval = 90
ingesting_iocs = 1
since = 2023-06-05T05:42:56Z
threat_intelligence_updates = 0
disabled = 1
Thanks for your advice. When I tried to navigate to https://x.y.z.t/cgi-bin/sdee-server using a web browser from Splunk, I got a bunch of XML data as you mentioned without any problem. We are running the latest version of the Splunk for Cisco IPS app. Everything looks fine but we can't collect IPS logs permanently. It suddenly stops getting logs without any reason. How can we solve this problem?
This was addressed in the latest version of the Splunk for Cisco IPS app. It is encrypted in the inputs.conf config file and not present in the process listing. I highly recommend you upgrade and then remove and re-add your IPS devices.
I had the exact same issue upgrading from 4.3.3 to 5.0. Copying TA_Windows_FTR AND TA_Windows_IFrame as Windows_FTR AND Windows_IFrame resolved the issue.
Another problem that can cause this is over-subscribed devices. IPS devices generally have a default subscription limit of 5. Here is one article that details enumerating sessions. We've seen this happen both from stale subscriptions and separately other teams/technologies polling the IPS device.
Yes, I can ping and get HTTPS from the IPS. It seems that everything is OK, and it was working during the year, but after that PSOD, everything stopped. I think maybe I should reboot the ASA; the IPS module I already rebooted.