Troubleshoot failed intelligence downloads in Splunk Enterprise Security
Issue
Error message indicating that a threat list failed to download.
Causes
- The threat or intelligence source is no longer available at the IP address or URL. || Attempt to visit the URL or curl the threat source manually.
- Firewall or proxy settings are preventing the intelligence source from being accessed.
- The message is occurring in error.
Solutions
- Attempt to visit the URL or curl the threat source manually. Disable the intelligence source if it is no longer available to download.
- Test if you can visit the URL or curl the intelligence source manually on a different machine. Modify the firewall or proxy settings to allow access to the intelligence source.
- Check the Threat intelligence audit dashboard to determine if the source is being downloaded successfully. Contact Splunk Support.
Troubleshoot messages about unnecessary read or write access to investigation KV Store collections | Troubleshoot threat intelligence in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0
Feedback submitted, thanks!