Hello,
I am trying the new threat intel module, I am having an error in the otx
2021-07-09T16:33:12.322+0200 ERROR [input.httpjson-cursor.retryablehttp] go-retryablehttp@v0.6.6/client.go:553 request failed%!(EXTRA string=error, *url.Error=Get "": unsupported protocol scheme "", string=method, string=GET, string=url, *url.URL=) {"input_source": "https://otx.alienvault.com/api/v1/indicators/export", "input_url": "https://otx.alienvault.com/api/v1/indicators/export"}
2021-07-09T16:33:12.322+0200 ERROR [input.httpjson-cursor] v2/request.go:186 error processing response: failed to execute http client.Do: Get "": Get "": unsupported protocol scheme "" {"input_source": "https://otx.alienvault.com/api/v1/indicators/export", "input_url": "https://otx.alienvault.com/api/v1/indicators/export"}
I didn't change anything in the configuration, I just added my api_token
, so my configuration looks like that:
otx:
enabled: true
# Input used for ingesting threat intel data
var.input: httpjson
# The URL used for OTX Threat Intel API calls.
var.url: https://otx.alienvault.com/api/v1/indicators/export
# The authentication token used to contact the OTX API, can be found on the OTX UI.
var.api_token: MY_API_TOKEN
# Optional filters that can be applied to retrieve only specific indicators.
#var.types: "domain,IPv4,hostname,url,FileHash-SHA256"
# The timeout of the HTTP client connecting to the OTX API
#var.http_client_timeout: 120s
# How many hours to look back for each request, should be close to the configured interval. Deduplication of events is handled by the module.
var.lookback_range: 1h
# How far back to look once the beat starts up for the first time, the value has to be in hours.
var.first_interval: 400h
# The interval to poll the API for updates
var.interval: 5m
Any hep please!
Best regards