Original Message:
Sent: Thu December 17, 2020 01:58 PM
From: Chaitanya Challa
Subject: QRadar Enhanced Offense Data Migration message destination didn't appear in the list on the integration server
Hi Gabriel,
Which version of resilient-circuits are you using?
Also, the QRadar Enhanced Data Migration uses the fn_qradar_integration section of the app.config, which is why we have it in config.py. If you already have the section defined for fn_qradar_integration, the same would be used for this integration as well. If you do not have the fn_qradar_integration section, then resilient-circuits config -c would create the section and you could update it with the QRadar host and authentication details.
Thanks,
Chaitanya
------------------------------
Chaitanya Challa
Original Message:
Sent: Thu December 17, 2020 07:36 AM
From: Gabriel NKUITE
Subject: QRadar Enhanced Offense Data Migration message destination didn't appear in the list on the integration server
Hi Jasmine,
That's exactly what I did but it didn't work. Then I decided to create this request.
Gabriel
------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868
Original Message:
Sent: Thu December 17, 2020 06:01 AM
From: Jasmine
Subject: QRadar Enhanced Offense Data Migration message destination didn't appear in the list on the integration server
Hi,
Sometimes restarting the resilient_circuits service solves the issue.
Best
------------------------------
Jasmine
Original Message:
Sent: Wed December 16, 2020 11:31 AM
From: Gabriel NKUITE
Subject: QRadar Enhanced Offense Data Migration message destination didn't appear in the list on the integration server
Hi,
I have successfully installed the "QRadar Enhanced Offense Data Migration" App. But when I start resilient circuits, the message destination fn_qradar_enhanced_data does not appear in the list of existing message destinations on the integration server. On Resilient the permissions for the API key I am using are correct.
Extract from app.log file
......
2020-12-16 17:13:43,262 INFO [actions_component] Subscribe to message destination 'fn_utilities'
2020-12-16 17:13:43,262 INFO [actions_component] Subscribe to message destination 'url_to_dns'
2020-12-16 17:13:43,262 INFO [actions_component] Subscribe to message destination 'fn_task_utils'
2020-12-16 17:13:43,263 INFO [actions_component] Subscribe to message destination 'fn_service_now'
2020-12-16 17:13:43,263 INFO [actions_component] Subscribe to message destination 'fn_scheduler'
2020-12-16 17:13:43,264 INFO [actions_component] Subscribe to message destination 'rsa_netwitness_message_destination'
2020-12-16 17:13:43,264 INFO [actions_component] Subscribe to message destination 'fn_qradar_integration'
2020-12-16 17:13:43,264 INFO [actions_component] Subscribe to message destination 'fn_ldap_utilities'
2020-12-16 17:13:43,265 INFO [actions_component] Subscribe to message destination 'fn_jira'
2020-12-16 17:13:43,265 INFO [actions_component] Subscribe to message destination 'fn_ioc_parser_v2'
2020-12-16 17:13:43,266 INFO [actions_component] Subscribe to message destination 'fn_incident_utils'
2020-12-16 17:13:43,266 INFO [actions_component] Subscribe to message destination 'domaintools'
2020-12-16 17:13:43,267 INFO [actions_component] Subscribe to message destination 'fn_datatable_utils'
2020-12-16 17:13:43,267 INFO [actions_component] Subscribe to message destination 'feed_data'
2020-12-16 17:13:43,268 INFO [stomp_component] Subscribe to message destination actions.201.fn_utilities
2020-12-16 17:13:43,269 INFO [stomp_component] Subscribe to message destination actions.201.url_to_dns
2020-12-16 17:13:43,270 INFO [stomp_component] Subscribe to message destination actions.201.fn_task_utils
2020-12-16 17:13:43,271 INFO [stomp_component] Subscribe to message destination actions.201.fn_service_now
2020-12-16 17:13:43,272 INFO [stomp_component] Subscribe to message destination actions.201.fn_scheduler
2020-12-16 17:13:43,272 INFO [stomp_component] Subscribe to message destination actions.201.rsa_netwitness_message_destination
2020-12-16 17:13:43,273 INFO [stomp_component] Subscribe to message destination actions.201.fn_qradar_integration
2020-12-16 17:13:43,274 INFO [stomp_component] Subscribe to message destination actions.201.fn_ldap_utilities
2020-12-16 17:13:43,275 INFO [stomp_component] Subscribe to message destination actions.201.fn_jira
2020-12-16 17:13:43,275 INFO [stomp_component] Subscribe to message destination actions.201.fn_ioc_parser_v2
2020-12-16 17:13:43,276 INFO [stomp_component] Subscribe to message destination actions.201.fn_incident_utils
2020-12-16 17:13:43,277 INFO [stomp_component] Subscribe to message destination actions.201.domaintools
2020-12-16 17:13:43,278 INFO [stomp_component] Subscribe to message destination actions.201.fn_datatable_utils
2020-12-16 17:13:43,278 INFO [stomp_component] Subscribe to message destination actions.201.feed_data
Any idea why resilient circuits can't subscribe to this queue?
How does this App work if the config.py file uses the config data from the QRadar integration app? How do I instruct resilient circuits on my integration server to subscribe to the fn_qradar_enhanced_data queue to get this App working?
def config_section_data():
    """Produce the default configuration section for app.config,
    when called by `resilient-circuits config [-c|-u]`
    """
    config_data = u'''[fn_qradar_integration]
host=localhost
username=admin
qradarpassword=changeme
#Note, if both qradarpassword and qradartoken are given, password will be used
qradartoken=changeme
#verify_cert=false|/path/to/cert
#search_timeout=
'''
    return config_data
Thanks for your help
Gabriel
------------------------------
Gabriel NKUITE
Open Group and IBM Certified ITS
IBM
Bois Colombes
336 71016868
------------------------------
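Added example, not part of the thread and not code from the app: a small Python check that looks for a given message destination in app.log output and confirms that the app.config section the app reads exists with a non-default credential. The sample log and config are constructed from the lines quoted above; the function names and the rule that an empty or `changeme` secret counts as unset are assumptions of this example.

```python
import configparser
import re

# Line shapes copied from the app.log extract in the thread.
ACTIONS_RE = re.compile(r"\[actions_component\] Subscribe to message destination '([^']+)'")
STOMP_RE = re.compile(r"\[stomp_component\] Subscribe to message destination actions\.\d+\.(\S+)")

# Constructed sample inputs, modelled on the log lines and default section quoted in the thread.
SAMPLE_LOG = """\
2020-12-16 17:13:43,264 INFO [actions_component] Subscribe to message destination 'fn_qradar_integration'
2020-12-16 17:13:43,273 INFO [stomp_component] Subscribe to message destination actions.201.fn_qradar_integration
"""
SAMPLE_CONFIG = """\
[fn_qradar_integration]
host=localhost
username=admin
qradarpassword=changeme
qradartoken=changeme
#verify_cert=false|/path/to/cert
"""

def subscribed(log_text):
    """Return (destinations announced by actions_component, destinations subscribed over STOMP)."""
    announced = set(ACTIONS_RE.findall(log_text))
    stomp = set(STOMP_RE.findall(log_text))
    return announced, stomp

def check(log_text, config_text, destination, section="fn_qradar_integration"):
    """List findings for one message destination and the config section its app reads."""
    findings = []
    announced, stomp = subscribed(log_text)
    if destination not in announced:
        findings.append(f"{destination}: not subscribed by actions_component")
    if destination not in stomp:
        findings.append(f"{destination}: not subscribed by stomp_component")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    if not cfg.has_section(section):
        findings.append(f"[{section}] missing from app.config")
        return findings
    # Per the comment in the default section, the password wins when both are set.
    secret = cfg.get(section, "qradarpassword", fallback="") or cfg.get(section, "qradartoken", fallback="")
    if secret in ("", "changeme"):
        findings.append(f"[{section}] credential is empty or still 'changeme'")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE_LOG, SAMPLE_CONFIG, "fn_qradar_enhanced_data"):
        print(finding)
```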