Problem with VirusTotal and AbuseIPDB Integration.


Ganesh DV

Sep 28, 2023, 7:37:39 AM
to Wazuh | Mailing List
Hi Team,

Thanks for your constant support in resolving the issues raised while working with Wazuh.

This time, while integrating VirusTotal and AbuseIPDB with Wazuh, the alerts triggered from VirusTotal and AbuseIPDB are stored in the integration.log file attached below.
But these logs are not seen in the Wazuh dashboard! So when I troubleshot ossec.log, I got the errors below.
Errors in ossec.log:
wazuh-integratord: ERROR: Exit status was: 1
2023/09/28 13:57:15 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2023/09/28 13:57:16 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2023/09/28 14:07:30 wazuh-integratord: ERROR: Unable to run integration for custom-abuseipdb.py -> integrations
2023/09/28 14:07:30 wazuh-integratord: ERROR: While running custom-abuseipdb.py -> integrations. Output: requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))

I did the same integration on 2 more servers, and there the integration is successful. I don't know what the issue is with this server.

Wazuh version in use: 4.3.6

wazuh error 2.png
wazuh error 1.png

Alejandro Ruiz Becerra

Sep 28, 2023, 11:09:22 AM
to Wazuh | Mailing List
Hello Ganesh,

Thanks for your kind words. I'll try to assist you in solving this problem.

My guess after reading the logs is that the problem seems to be related to connectivity. I would need some more info to better encircle the issue.

1. You said you have successfully completed the integrations in 2 more servers. Are the scripts identical?
2. You are also doing an integration with VirusTotal. Is this integration working in this server?
3. Did you follow our guides to implement the integrations?

Regards,
Alex