IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  IBM Resilient Custom Threat Service 303 Error

    Posted Mon June 28, 2021 09:58 AM
    Hi. I recently cloned one of the projects from ibmresilient/resilient-community-apps.
    I made changes and ran the setup.py. When I run it the first time out I see a 303 code for the request in my custom threat service and the subsequent request gives a 200 OK. Is there a fix for this issue as I'm seeing any hits when I add an artifact to the incident in resilient.

    ------------------------------
    Shishir Lakkadi
    ------------------------------


  • 2.  RE: IBM Resilient Custom Threat Service 303 Error

    Posted Tue June 29, 2021 08:59 AM
    Hi Shishir,

    This is the normal operation of a custom threat feed. The handshake between Resilient and the custom threat service is to first initiate the threat lookup but then disconnect and return later to retrieve the results. So the 303 is the retry later status code followed by the retrieval of the hits in a second (or third) lookup.

    ------------------------------
    Mark Scherfling
    ------------------------------

    Original Message


  • 3.  RE: IBM Resilient Custom Threat Service 303 Error

    Posted Thu July 01, 2021 03:45 PM
    Shishir,

    This guide has been helpful for me when creating my own CTSes

    Hope it helps!

    ------------------------------
    Liam Mahoney
    ------------------------------

    Original Message


Related Content