IBM QRadar SOAR

  • 1.  Automatic Escalation not working with New version of SOAR Plugin

    Posted 24 days ago

    Hi, 

    Not sure if anyone has faced this issue, but ever since we updated the SOAR plugin to the newest version we are unable to see automatic escalation to SOAR. Manual escalation of the offense works fine. 

    Connection to the SOAR server is ok. 

    Any idea or pointers on where to look for more troubleshooting? 

    SOAR Plugin version 5.6.0 (with content installed)



    ------------------------------
    Abdullah Tadefi
    ------------------------------


  • 2.  RE: Automatic Escalation not working with New version of SOAR Plugin

    Posted 23 days ago

    Hi Abdullah,

    It is difficult to pinpoint exactly what might be causing it without looking at the logs, which can be downloaded from the application UI. What version did you upgrade from? You can try restarting the "ecs-ep" service on the QRadar console to see if it makes any difference, or whether you see any errors in circuits.log. Feel free to create a support case and attach the logs for us to review and suggest further.



    ------------------------------
    DillipNath
    ------------------------------



  • 3.  RE: Automatic Escalation not working with New version of SOAR Plugin

    Posted 23 days ago

    Hi Abdullah, I found these technotes; perhaps they can help you debug the error. If nothing works, you can always open a case with support.
    There is a known issue in 5.6.0: see https://www.ibm.com/mysupport/s/defect/aCIgJ00000007EPWAY/dt437287?language=en_US

    The links below are a bit older but could help with further debugging if the above technote is not applicable to you.
    https://www.ibm.com/support/pages/how-resolve-automated-escalation-failures-using-soar-integration-application-qradar
    https://www.ibm.com/support/pages/ibm-qradar-offenses-are-not-escalated-due-configuration-issues-ibm-qradar-soar-or-cloud-pak-security



    ------------------------------
    Erwin
    ------------------------------



  • 4.  RE: Automatic Escalation not working with New version of SOAR Plugin

    Posted 7 days ago

    Hello, Abdullah


    Has the issue been resolved at this point?

    If not, it may be worth considering renewing the certificate used for the SIEM–SOAR integration.

    I'm sharing the link below for your reference:

    https://www.ibm.com/docs/ko/qradar-common?topic=configuration-configuring-access-inbound-destinations

    Please note that the sentence may sound awkward as it was translated using a translation tool.



    ------------------------------
    Yongwon Song
    ------------------------------