46 changes: 44 additions & 2 deletions bin/replay.py
Expand Up @@ -109,8 +109,50 @@ def send_data_to_splunk(file_path, splunk_host, hec_token, event_host_uuid,
headers=headers,
verify=False,
)
res.raise_for_status()
print(f":white_check_mark: Sent {file_path} to Splunk HEC")
if res.ok:
print(f":white_check_mark: Sent {file_path} to Splunk HEC")
return

print(
f":x: Error sending {file_path} to Splunk HEC: "
f"HTTP {res.status_code}"
)

try:
response_data = res.json()
hec_code = response_data.get("code")
hec_text = response_data.get("text")
print(f" Splunk HEC response: code={hec_code}, text={hec_text}")

if hec_code == 7:
print(
" Hint: incorrect index. "
"Use --index-override <existing_index> or create attack_data index."
)
elif hec_code == 4:
print(
" Hint: invalid HEC token. "
"Verify SPLUNK_HEC_TOKEN and token status in Splunk."
)
elif hec_code == 6:
print(
" Hint: invalid data format. "
"Check sourcetype/source values and file content."
)
elif hec_code == 10:
print(
" Hint: data channel missing/invalid. "
"Check HEC indexer acknowledgment settings."
)
except ValueError:
print(f" Splunk HEC raw response: {res.text.strip()}")

print(f" URL: {res.url}")
print(
" Metadata: "
f"index={index}, source={source}, sourcetype={sourcetype}, "
f"host={event_host_uuid}"
)
except Exception as e:
print(f":x: Error sending {file_path} to Splunk HEC: {e}")

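Review bot: `response_data.get("code")` assumes the decoded body is a JSON object, but `res.json()` will just as happily return a bare string, number or list, and on those `.get` raises AttributeError, which is not caught by the `except ValueError` branch and instead lands in the outer `except Exception as e` — losing the URL/metadata context this change just added; guard it with `if not isinstance(response_data, dict): raise ValueError("non-object HEC response")` (or an explicit type check that falls through to the raw-response print) before the `.get` calls. The fallback `print(f"  Splunk HEC raw response: {res.text.strip()}")` echoes an arbitrary server body to the terminal unbounded, so an HTML error page from a proxy or a body containing control characters can flood or mangle the output; consider `print(f"  Splunk HEC raw response: {res.text.strip()[:500]!r}")`. Note that `send_data_to_splunk` and its enclosing `try` begin before this hunk, and the `verify=False` on the request is pre-existing context rather than part of this change.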