Troubleshooting

This section contains information to help you solve problems that you might encounter while using Kaspersky Threat Intelligence Portal for Resilient.

Problem: A request to Kaspersky Threat Intelligence Portal returns HTTP status code 401 (Unauthorized) or 403 (Forbidden)

To solve this problem, try the following actions:

• Check your user name and password for the Kaspersky Threat Intelligence Portal account:
  • Make sure that you typed them correctly in the app.config file when installing the application.
  • Make sure that they have not expired.
• Check your daily request limit.

  Log in to your Kaspersky Threat Intelligence Portal account and select the Threat Lookup tab. The daily request limit, as well as the number of requests left for the 24-hour window, is displayed in the upper-right corner. If you have no available requests left, wait until the request counter is reset the next day. To increase the daily request limit, contact your technical account manager (TAM).

• Make sure that you have accepted the Terms and Conditions.

  When you log in to your Kaspersky Threat Intelligence Portal account for the first time, you are prompted to read and accept the Terms and Conditions, if you agree to the terms and conditions laid out in this document.

  If you do not accept the Terms and Conditions, you cannot use Kaspersky Threat Intelligence Portal, with which Kaspersky Threat Intelligence Portal for Resilient interacts to retrieve information. You must accept the Terms and Conditions of Kaspersky Threat Intelligence Portal to use Kaspersky Threat Intelligence Portal for Resilient.

• If you are using Python 2.x and are getting a 403 (Forbidden) error, make sure that your Python version is 2.7.9 or later.

Problem: A request to Kaspersky Threat Intelligence Portal returns HTTP status code 404 (Not Found)

In this case, the artifact description contains the following text:

== Kaspersky Threat Intelligence Portal Information ==

Nothing found

HTTP status code: 404

This message means that the application works as expected, but Kaspersky Threat Intelligence Portal has no information about the specified artifact.

Problem: A request to Kaspersky Threat Intelligence Portal returns a "PEM file not found" error message

To solve this problem, try the following actions:

• Check the path to the PEM certificate file:
  • Make sure that you typed the path correctly in the app.config file when installing the application.
  • Make sure that you specified the absolute path to the certificate file.
  • Make sure that resilient-circuits has read access to the directory that holds the certificate file.
• Make sure that your PEM certificate file has not expired.

Using log files to find and resolve issues with Kaspersky Threat Intelligence Portal for Resilient

If you have set up logging at step 7 of the installation procedure, you should now have a log file to which every Resilient component writes its own messages. Messages generated by Kaspersky Threat Intelligence Portal for Resilient are prefixed with [kaspersky_tip_enrichment] or [tip_api_client], as in the following example:

Log files contain both the indicators specified in requests to Kaspersky Threat Intelligence Portal, and search results. It means that log files might contain personal information, so we recommend that you invest extra effort in ensuring information security.