IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Integration server configuration for different organizations

    Posted Fri May 01, 2020 06:20 AM
    Hi,

    1- What is the Integration server configuration if there are two or more organizations with different actions / functions.

    2-What is the Integration server configuration if there are two or more organizations with different actions / functions if we had mssp licence?

    Any document or advice would be appreciated.

    Best

    ------------------------------
    Jasmine
    ------------------------------


  • 2.  RE: Integration server configuration for different organizations

    Posted Fri May 01, 2020 09:39 AM
    I think configuring multiple circuite configuration in document is the key.

    ------------------------------
    Jasmine
    ------------------------------

    Original Message


  • 3.  RE: Integration server configuration for different organizations

    Posted Mon May 04, 2020 12:13 PM
    Edited by BENOIT ROSTAGNI Mon May 04, 2020 12:13 PM
    have a look at :

    Using virtualenv to run multiple circuits




    https://community.ibm.com/community/user/security/communities/community-home/digestviewer/viewthread?GroupId=2845&MessageKey=704dad11-ce42-449a-bca3-1897e44ad0a4&CommunityKey=d2f71e8c-108e-4652-b59c-29d61af7163e&tab=digestviewer&ReturnUrl=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3dd2f71e8c-108e-4652-b59c-29d61af7163e%26tab%3ddigestviewer

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------

    Original Message


  • 4.  RE: Integration server configuration for different organizations

    Posted Mon May 04, 2020 12:16 PM
    If you have multiple organizations I would suggest using different api keys for the circuits integration.

    If you are an MSSP it would be different as currently API keys are not supported for MSSP. Though it should be available soon. You could use different user accounts for each child org. Or you could use a single user account but you would need to allow multiple session logins for the account. Unfortunately I don't have the commands to allow this behavior (you need to set a configuration variable). You'd need to contact support for that.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------

    Original Message


  • 5.  RE: Integration server configuration for different organizations

    Posted Tue May 05, 2020 05:14 AM
    Hi Jasmine, 
    We resolved this issue by moving our Integration server to Kubernetes -  Docker containerized solution.   
    This allows us to run multiple Integration servers next to each other. 
    It's not just a copy paste of the infrastructure to Kubernetes:
    • We put each micro integration in a separate Container, so it's easy to do proper packaging, monitoring, redeploy new code.
    • Each container = a mini integration server which Circuits running
    • We spin-off a copy of the containers if we need to serve a second (or more) Organization. This is the case on our Development and Acceptance Appliances.
    For us this is certainly the way to go, much more flexible than running the Integration server as one VM which one controller=Circuits.





    ------------------------------
    Kris Caron
    ------------------------------

    Original Message


  • 6.  RE: Integration server configuration for different organizations

    Posted Wed May 06, 2020 03:09 AM
    About the deployment of the integration server based on containers.

    Is there any specific document explaining the process?... They only place I saw it was at:

    ibmresilient/resilient-circuits-docker
    GitHub remove preview
    ibmresilient/resilient-circuits-docker
    This repository is a community submission detailing how you can use Docker to containerize an integration for Resilient Circuits. Integrations used with resilient_circuits are Python packages which are typically installed before use and Circuits itself is also a Python package.
    View this on GitHub >

    About multiple org with MSSP you requires to deploy as many as circuits you need based on the number of the org. If you have 10 child-orgs you have to run 10 process with 10 app.config files, this can be run on single user for testing, separate users, separate boxes, containers..., a few options are available and I believe it depends on the customer requirement. About the automation every child-org and the integration server will take their jobs to run the automation... Any doubt or clarification on that?

    ------------------------------
    PABLO ROBERTO GARCIA
    ------------------------------

    Original Message


  • 7.  RE: Integration server configuration for different organizations

    Posted Thu May 07, 2020 04:57 AM
    Hi Pablo,
    don't think there is a documentation out on how to best setup this containerized/integration server yet.
    We create one "base integration container " which we clone for each specific 'integration - ORG' we need.

    Especially with the usage of API Keys (which are ORG specific) it gets some more complexity but this can be handled in the config files..  so the API key secrets specific for the Org get used, ....   




    ------------------------------
    --------------------------------
    Kris Caron
    ---------------------------------
    ------------------------------

    Original Message


Related Content