IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  Integrating IBM Resilient with QRadar

    Posted Tue February 18, 2020 01:56 PM
    I have this error when trying to integrate Resilient with QRadar; can you help me solve this issue?


    Thank you..

    ------------------------------
    Ayman Sabri
    ------------------------------


  • 2.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 03:53 AM
    Hello,

    I need help here :D !!


    ------------------------------
    Ayman Sabri
    ------------------------------



  • 3.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 04:07 AM
    Hi Ayman,

    The problem is that the Docker container where the app is running on QRadar has not got access to Resilient over port 443. This could be a problem with your network from the container to Resilient, a proxy set in the container and so forth.

    Use the document -> https://www.ibm.com/support/pages/node/1160758 to enter the container using recon and run curl -v -k https://resilient.dataprotect.ma:443 to see if the container has access to Resilient. Try increasing the timeout value and test again within the app.

    If curl works, then enable debug as detailed in the document, recreate the issue, and create a case with the support team at https://www.ibm.com/mysupport for the support team to assist. Please upload the logs when creating the case.

    ------------------------------
    BEN WILLIAMS
    ------------------------------



  • 4.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 05:16 AM
    Edited by System Admin Thu November 11, 2021 11:15 AM
    The result of the curl command:

    sh-4.1# curl -v -k https://resilient.dat*****.ma:443
    * About to connect() to resilient.dat****.ma port 443 (#0)
    * Trying 10.254.60.13... connected
    * Connected to resilient.dat***.ma (10.254.60.13) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * warning: ignoring value of ssl.verifyhost
    * skipping SSL peer certificate verification
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    * Server certificate:
    * subject: CN=resilient.dat*****.ma
    * start date: Feb 18 10:01:11 2020 GMT
    * expire date: Feb 15 10:01:11 2030 GMT
    * common name: resilient.dat***.ma
    * issuer: CN=resilient.data****.ma
    > GET / HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    > Host: resilient.****.ma
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < X-Content-Type-Options: nosniff


    How can I increase the timeout value?

    Thank you

    ------------------------------
    Ayman Sabri
    ------------------------------



  • 5.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 05:22 AM
    I didn't find the /store/app.config file in the container. How can I see the logs? The app version is 4.3.3.

    ------------------------------
    Ayman Sabri
    ------------------------------



  • 6.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 05:31 AM
    This is the log from /store/log/app.log:


    Feb 19 11:24:04 127.0.0.1 [APP_ID/2251][NOT:0000006000][INFO] Closing reasons missing from QRadar: []
    Feb 19 11:24:25 127.0.0.1 [APP_ID/2251][NOT:0000006000][INFO] admin_screen
    Can't find incident file to validate closing reasons. Is your Resilient access configured properly?
    Traceback (most recent call last):
    File "/app/apis/qradar_api_client.py", line 874, in get_missing_closing_reasons
    with open(incident_file, 'r') as infile:
    IOError: [Errno 2] No such file or directory: '/store/incident.json'

    Can't find incident file to create mapping template. Is your Resilient access configured properly?
    Traceback (most recent call last):
    File "/app/apis/resilient_helpers.py", line 107, in get_incident_fields
    with open(incident_file, 'r') as infile:
    IOError: [Errno 2] No such file or directory: '/store/incident.json'

    Feb 19 11:24:25 127.0.0.1 [APP_ID/2251][NOT:0000006000][INFO] Test Resilient Config
    Feb 19 11:24:25 127.0.0.1 [APP_ID/2251][NOT:0000006000][INFO] Token Test Returned: <Response [200]>
    Feb 19 11:25:05 127.0.0.1 [APP_ID/2251][NOT:0000003000][ERROR] Connection Verification Error HTTPSConnectionPool(host='resilient.dataprotect.ma', port=443): Read timed out. (read timeout=40)
    Feb 19 11:25:05 127.0.0.1 [APP_ID/2251][NOT:0000003000][ERROR] Traceback (most recent call last):
    File "/app/views.py", line 901, in _test_config
    clean_cache=True, multi_org=multi_org, timeout=res_timeout)
    File "/app/apis/resilient_client.py", line 56, in __init__
    self.session = self.client.connect(user, password, timeout=timeout)
    File "/usr/local/lib/python2.7/site-packages/resilient/co3.py", line 202, in connect
    ret = super(SimpleClient, self).connect(email, password, timeout)
    File "/usr/local/lib/python2.7/site-packages/resilient/co3base.py", line 184, in connect
    return self._connect(timeout=timeout)
    File "/usr/local/lib/python2.7/site-packages/resilient/co3base.py", line 231, in _connect
    timeout=timeout)
    File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 535, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
    File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
    File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
    File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 499, in send
    raise ReadTimeout(e, request=request)
    ReadTimeout: HTTPSConnectionPool(host='resilient.dataprotect.ma', port=443): Read timed out. (read timeout=40)

    Feb 19 11:25:05 127.0.0.1 [APP_ID/2251][NOT:0000006000][INFO] Closing reasons missing from QRadar: []

    ------------------------------
    Ayman Sabri
    ------------------------------
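The two posts above show the same host passing the manual check in post 3 (TCP connect, TLS handshake and an HTTP 200 for GET / with curl -k) while the app's own connection test times out reading the reply to its session POST after 40 seconds. The probe below, an added example that is not code from the thread, from IBM or from the QRadar app, splits one HTTPS request into its phases (DNS, TCP connect, TLS handshake, HTTP response) so a "Read timed out" can be pinned to the phase that stalls. Run it from inside the app container against the Resilient host. Host names, ports and timeouts are illustrative; the silent server is a constructed fixture that accepts TCP and never answers, the pattern a misdirected proxy or a filtering middlebox produces. Note the curl output shows a self-signed certificate (issuer equals subject), so a verifying run needs cafile pointed at that certificate; verify=False is curl's -k and proves reachability only.

```python
"""Phase-by-phase HTTPS reachability probe (added example, not IBM's code)."""
import socket
import ssl
import threading
import time


def probe(host, port=443, path="/", connect_timeout=5.0, read_timeout=40.0,
          verify=True, cafile=None):
    """Walk one HTTPS request through its phases; stop at the first failure.

    Returns a dict with 'phase' (where we stopped), 'ok', 'detail' and
    per-phase 'timings' in seconds. read_timeout mirrors the app's
    "read timeout=40" in the posted traceback.
    """
    result = {"phase": "dns", "ok": False, "detail": "", "timings": {}}
    t0 = time.monotonic()

    # Phase 1: name resolution. A container with a broken resolver fails here.
    try:
        family, _, _, _, sockaddr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        result["detail"] = f"DNS lookup failed: {exc}"
        return result
    result["timings"]["dns"] = time.monotonic() - t0

    # Phase 2: TCP connect. A refused/filtered port or missing route fails here.
    result["phase"] = "tcp_connect"
    t1 = time.monotonic()
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(connect_timeout)
    try:
        sock.connect(sockaddr)
    except OSError as exc:  # TimeoutError and ConnectionRefusedError included
        sock.close()
        result["detail"] = f"TCP connect to {sockaddr[0]}:{sockaddr[1]} failed: {exc}"
        return result
    result["timings"]["tcp_connect"] = time.monotonic() - t1

    # Phase 3: TLS handshake. verify=False is curl's -k: fine for a first
    # reachability check, never for the production app configuration.
    result["phase"] = "tls_handshake"
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    t2 = time.monotonic()
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except socket.timeout:
        result["detail"] = (f"TLS handshake timed out after {connect_timeout}s "
                            "(peer accepted TCP but never sent a ServerHello)")
        return result
    except ssl.SSLError as exc:
        result["detail"] = f"TLS handshake failed: {exc}"
        return result
    result["timings"]["tls_handshake"] = time.monotonic() - t2

    # Phase 4: HTTP exchange. A 'Read timed out' from an otherwise connected
    # client lands here: the request goes out and no bytes come back in time.
    result["phase"] = "http_response"
    tls.settimeout(read_timeout)
    t3 = time.monotonic()
    try:
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                   "User-Agent: reachability-probe\r\nConnection: close\r\n\r\n")
        tls.sendall(request.encode("ascii"))
        head = b""
        while b"\r\n" not in head:
            chunk = tls.recv(1024)
            if not chunk:
                raise ConnectionError("peer closed before sending a status line")
            head += chunk
        status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = status_line.split()
        result["detail"] = status_line
        result["ok"] = len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit()
    except socket.timeout:
        result["detail"] = f"Read timed out after {read_timeout}s waiting for the response"
    except OSError as exc:
        result["detail"] = f"HTTP exchange failed: {exc}"
    finally:
        result["timings"]["http_response"] = time.monotonic() - t3
        tls.close()
    return result


def start_silent_server(hold_seconds=2.0):
    """Constructed fixture: accept one TCP connection and never speak.

    Models a middlebox or wrong host that completes the TCP handshake and
    then sits on the connection. Returns the bound loopback port.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]

    def serve():
        listener.settimeout(hold_seconds + 5)
        try:
            conn, _ = listener.accept()
            time.sleep(hold_seconds)
            conn.close()
        except OSError:
            pass
        finally:
            listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port():
    """Constructed fixture: a loopback port with nothing listening on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Against the silent fixture the probe stops at the TLS phase; against a
    # real Resilient host replace the target and drop verify=False.
    port = start_silent_server()
    print(probe("127.0.0.1", port, connect_timeout=1.0, read_timeout=1.0, verify=False))
```

Read the timings together with the phase: a stop at tcp_connect or tls_handshake is a network or proxy problem between the container and Resilient; a stop at http_response after a clean handshake means the server accepted the request and did not answer within the read timeout, which is where raising the app's timeout value (post 7) can help and where the server side deserves a look.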



  • 7.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 06:15 AM
    Hi Ayman,

    It's best that you raise a case at https://www.ibm.com/mysupport.

    If you're using v3.4 of the app, then you can set the timeout in the UI, increasing it from 30 to a higher value, and try again.

    ------------------------------
    BEN WILLIAMS
    ------------------------------



  • 8.  RE: Integrating IBM Resilient with QRadar

    Posted Wed February 19, 2020 09:40 AM
    Thank you so much, Ben.

    ------------------------------
    Ayman Sabri
    ------------------------------