CrowdStrike / zscaler-FalconX-integration

This is the integration to feed Falcon X IOC data into zscaler's platform

Configparserer.py then KeyError #26

Open piExpr opened 1 year ago

piExpr commented 1 year ago

x:~$ python3 /home/ubuntu/zscaler-FalconX-integration/intelbridge/intelbridge.py
Traceback (most recent call last):
  File "/home/ubuntu/zscaler-FalconX-integration/intelbridge/intelbridge.py", line 25, in <module>
    from indicators.indicators import get_indicators, prepare_indicators #, write_data
  File "/home/ubuntu/zscaler-FalconX-integration/intelbridge/indicators/indicators.py", line 10, in <module>
    from auth.auth import cs_auth
  File "/home/ubuntu/zscaler-FalconX-integration/intelbridge/auth/auth.py", line 16, in <module>
    cs_config = config['CROWDSTRIKE']
  File "/usr/lib/python3.10/configparser.py", line 965, in __getitem__
    raise KeyError(key)
KeyError: 'CROWDSTRIKE'

Any direction on how to fix this? I'm running this inside of a lab Ubuntu instance.

marcispauls commented 1 year ago

From the error, it seems you don't have a config.ini with [CROWDSTRIKE].

piExpr commented 1 year ago

Using the config.ini with all the required API creds. Using VSCode on my machine with all the dependencies installed. Should the intelbridge.py be on env variable path? Is there anything else needed as far as making edits to the code? Getting nowhere with this. TIA

marcispauls commented 1 year ago

not really - did as described, created config and done

piExpr commented 1 year ago

What was your env setup like? Local machine with some compiler? Docker container? Some flavor of Linux?

I'm running on my mac with VScode the folder path to repo

piExpr commented 1 year ago

used the original repo with config.py then ran setup... appears to be working

recent repo kept returning config parser and all sorts of errors

rkslattery commented 8 months ago

Hello, I have the integration working as expected and can call 'python3 intelbridge' and it works flawlessly, however, if I try to call the full path to the python script, I get the same exact error as the OP. I am trying to CRON this and it requires the full path. My output when calling the full path:

person@AZW-ZSCALER01:/var/log$ python3 /home/person/zscaler-FalconX-integration/intelbridge/intelbridge.py
Traceback (most recent call last):
  File "/home/person/zscaler-FalconX-integration/intelbridge/intelbridge.py", line 25, in <module>
    from indicators.indicators import get_indicators, prepare_indicators #, write_data
  File "/home/person/zscaler-FalconX-integration/intelbridge/indicators/indicators.py", line 10, in <module>
    from auth.auth import cs_auth
  File "/home/person/zscaler-FalconX-integration/intelbridge/auth/auth.py", line 16, in <module>
    cs_config = config['CROWDSTRIKE']
  File "/usr/lib/python3.10/configparser.py", line 965, in __getitem__
    raise KeyError(key)
KeyError: 'CROWDSTRIKE'

Anyone else experience this or have a working CRON config? Thanks

marcispauls commented 8 months ago

have you tried to change path to /home/person/zscaler-FalconX-integration/intelbridge/ and then launch?

rkslattery commented 8 months ago

Hello, thank you for your inquiry. Yes, it works when called from that directory. I resolved the whole CRON issue by creating a new service instead and enabling it on reboot. Since I was told CrowdStrike doesn't update their malicious URLs very frequently, the default sleep time in this script of 12 hours was recommended.

New service: /etc/systemd/system/intelbridge.service

The file has the following entries:

[Unit]
Description=CrowStrike Integration with Zscaler

[Service]
WorkingDirectory=/home/atiadmin/zscaler-FalconX-integration
ExecStart=/usr/bin/python3 intelbridge
User=

[Install]
WantedBy=multi-user.target

Reload the daemon: systemctl daemon-reload

Start the service: systemctl start intelbridge.service

Check the status: systemctl status intelbridge.service

Enable on reboot: systemctl enable intelbridge.service
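
Added example, not code from this thread or from the project: both tracebacks above are consistent with `config.ini` being read by a path relative to the current working directory (an assumption; `auth.py` is not shown here), because `ConfigParser.read()` silently skips a file it cannot find and the failure only surfaces later as `KeyError: 'CROWDSTRIKE'`. The hypothetical `load_config` helper below resolves the file against an explicit directory, fails with a clear message, and rejects a credentials file that group or others can access; `example_key` is a constructed placeholder.

```python
import configparser
import stat
from pathlib import Path


class ConfigError(RuntimeError):
    """config.ini is missing, incomplete, or too widely accessible."""


def load_config(base_dir, required=("CROWDSTRIKE",), filename="config.ini"):
    """Load <base_dir>/<filename>, independent of the current working directory."""
    path = Path(base_dir).resolve() / filename
    if not path.is_file():
        raise ConfigError(f"{path} not found (cwd is {Path.cwd()})")

    # The file holds API credentials: reject any group/other permission bits.
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ConfigError(f"{path} has mode {mode:04o}; restrict it with chmod 600")

    config = configparser.ConfigParser()
    # read() returns the list of files it parsed and skips unreadable ones
    # without raising, so an empty result must be treated as an error here.
    if not config.read(path, encoding="utf-8"):
        raise ConfigError(f"{path} could not be read")

    missing = [name for name in required if not config.has_section(name)]
    if missing:
        raise ConfigError(f"{path} lacks section(s): {', '.join(missing)}")
    return config


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample: a temp directory stands in for the script's own
    # directory, which real code would pass as Path(__file__).resolve().parent.
    base = Path(tempfile.mkdtemp())
    ini = base / "config.ini"
    ini.write_text("[CROWDSTRIKE]\nexample_key = placeholder\n")
    ini.chmod(0o600)

    os.chdir("/")  # simulate cron or a full-path call from another directory
    print(load_config(base).sections())
```
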