This section contains information to help you solve problems that you might encounter while using Kaspersky Threat Intelligence Portal for Resilient.
Problem: A request to Kaspersky Threat Intelligence Portal returns HTTP status code 401 (Unauthorized) or 403 (Forbidden)
To solve this problem, try the following actions:
Log in to your Kaspersky Threat Intelligence Portal account and select the Threat Lookup tab. The daily request limit, as well as the number of requests left for the 24-hour window, is displayed in the upper-right corner. If you have no available requests left, wait until the request counter is reset the next day. To increase the daily request limit, contact your technical account manager (TAM).
When you log in to your Kaspersky Threat Intelligence Portal account for the first time, you are prompted to read and accept the Terms and Conditions, if you agree to the terms and conditions laid out in this document.
If you do not accept the Terms and Conditions, you cannot use Kaspersky Threat Intelligence Portal, with which Kaspersky Threat Intelligence Portal for Resilient interacts to retrieve information. You must accept the Terms and Conditions of Kaspersky Threat Intelligence Portal to use Kaspersky Threat Intelligence Portal for Resilient.
403 (Forbidden) error, make sure that your Python version is 2.7.9 or later.Problem: A request to Kaspersky Threat Intelligence Portal returns HTTP status code 404 (Not Found)
In this case, the artifact description contains the following text:
== Kaspersky Threat Intelligence Portal Information ==
Nothing found
HTTP status code: 404
This message means that the application works as expected, but Kaspersky Threat Intelligence Portal has no information about the specified artifact.
Problem: A request to Kaspersky Threat Intelligence Portal returns a "PEM file not found" error message
To solve this problem, try the following actions:
Using log files to find and resolve issues with Kaspersky Threat Intelligence Portal for Resilient
If you have set up logging at step 7 of the installation procedure, you should now have a log file to which every Resilient component writes its own messages. Messages generated by Kaspersky Threat Intelligence Portal for Resilient are prefixed with [kaspersky_tip_enrichment] or [tip_api_client], as in the following example:
2018-10-22 16:45:30,943 INFO [kaspersky_tip_enrichment] Ioc for lookup: 44D88612FEA8A8F36DE82E1278ABB021 (Malware MD5 Hash) 2018-10-22 16:45:30,946 INFO [tip_api_client] Connecting to tip.kaspersky.com 2018-10-22 16:45:30,947 DEBUG [client] Sending SEND frame [headers={'correlation-id': 'invid:279', 'destination': '/queue/acks.201.kaspersky_tip'}, body=b'{"message_type": 0, ...', version=1.2] 2018-10-22 16:45:30,948 DEBUG [tip_api_client] TIP request path: /api/hash/44D88612FEA8A8F36DE82E1278ABB021?count=2§ions=Zone,FileGeneralInfo,DetectionsInfo 2018-10-22 16:45:30,949 DEBUG [stomp_component] Message sent 2018-10-22 16:45:31,022 DEBUG [tip_api_client] Status: 401 2018-10-22 16:45:31,024 INFO [kaspersky_tip_enrichment] Ioc for lookup: 44D88612FEA8A8F36DE82E1278ABB021 (Malware MD5 Hash) result: == Kaspersky Threat Intelligence Portal Information ==
Unauthorized HTTP status code: 401 |
Log files contain both the indicators specified in requests to Kaspersky Threat Intelligence Portal, and search results. It means that log files might contain personal information, so we recommend that you invest extra effort in ensuring information security.
Page top