IBM QRadar SOAR

IBM QRadar SOAR

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Receving Proxy timeout error while using custom call Rest-API in IBM resilient SOAR

    Posted Wed December 20, 2023 03:21 AM

    Hello Team,

     

    We are sending API request using postman successfully to get alerts

     

    using https://10.20.30.104/api/open/alerts/all?" href="https://10.20.30.104/api/open/alerts/all?" rel="noreferrer noopener" target="_blank" class="fui-Link ___1rxvrpe f2hkw1w f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1hu3pq6 f11qmguv f19f4twv f1tyq0we f1g0x7ka fhxju0i f1qch9an f1cnd47f fqv5qza f1vmzxwi f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh fhgqx19 f1olyrje f1p93eir f1nev41a f1h8hb77 f1lqvz6u f10aw75t fsle3fq f17ae5zn" title="https://10.20.30.104/api/open/alerts/all?">https://10.20.30.104/api/open/alerts/all?

     

    however we tried to utilize same function with custom API request by using  "call rest API" in resilient SOAR
    we are receiving following error.

     

     

    Traceback (most recent call last):   File "/usr/local/lib/python3.10/dist-packages/urllib3/connectionpool.py", line 700, in urlopen     self._prepare_proxy(conn)   File "/usr/local/lib/python3.10/dist-packages/urllib3/connectionpool.py", line 994, in _prepare_proxy     conn.connect()   File "/usr/local/lib/python3.10/dist-packages/urllib3/connection.py", line 369, in connect     self._tunnel()   File "/usr/lib/python3.10/http/client.py", line 924, in _tunnel     raise OSError(f"Tunnel connection failed: {code} {message.strip()}") OSError: Tunnel connection failed: 503 Service Unavailable During handling of the above exception, another exception occurred: Traceback (most recent call last):   File "/usr/local/lib/python3.10/dist-packages/requests/adapters.py", line 440, in send     resp = conn.urlopen(   File "/usr/local/lib/python3.10/dist-packages/urllib3/connectionpool.py", line 785, in urlopen     retries = retries.increment(   File "/usr/local/lib/python3.10/dist-packages/urllib3/util/retry.py", line 592, in increment     raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='10.20.30.104', port=443): Max retries exceeded with url: /api/open/alerts/all?query=where%20mac_src%20==%2000:07:7c:12:e6:85%20%7C%20where%20type_id%20==%20SIGN:OUTBOUND-CONNECTIONS (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 503 Service Unavailable'))) During handling of the above exception, another exception occurred: Traceback (most recent call last):   File "/usr/local/lib/python3.10/dist-packages/resilient_lib/components/requests_common.py", line 214, in execute     response = requests.request(method, url, timeout=timeout, proxies=proxies, cert=clientauth, **kwargs)   File "/usr/local/lib/python3.10/dist-packages/requests/api.py", line 61, in request     return session.request(method=method, url=url, **kwargs)   File "/usr/local/lib/python3.10/dist-packages/requests/sessions.py", line 529, in request     resp = self.send(prep, **send_kwargs)   File "/usr/local/lib/python3.10/dist-packages/requests/sessions.py", line 645, in send     r = adapter.send(request, **kwargs)   File "/usr/local/lib/python3.10/dist-packages/requests/adapters.py", line 513, in send     raise ProxyError(e, request=request) requests.exceptions.ProxyError: HTTPSConnectionPool(host='10.20.30.104', port=443): Max retries exceeded with url: /api/open/alerts/all?query=where%20mac_src%20==%2000:07:7c:12:e6:85%20%7C%20where%20type_id%20==%20SIGN:OUTBOUND-CONNECTIONS (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 503 Service Unavailable'))) During handling of the above exception, another exception occurred: Traceback (most recent call last):   File "/usr/local/lib/python3.10/dist-packages/fn_utilities/components/utilities_call_rest_api.py", line 57, in _call_rest_api_function     resp = make_rest_call(self.opts, self.options, rest_method, rest_url,   File "/usr/local/lib/python3.10/dist-packages/fn_utilities/components/utilities_call_rest_api.py", line 111, in make_rest_call     return rc.execute_call_v2(rest_method, rest_url,   File "/usr/local/lib/python3.10/dist-packages/resilient_lib/components/requests_common.py", line 235, in execute     raise IntegrationError(msg) resilient_lib.components.integration_errors.IntegrationError: "HTTPSConnectionPool(host='10.20.30.104', port=443): Max retries exceeded with url: /api/open/alerts/all?query=where%20mac_src%20==%2000:07:7c:12:e6:85%20%7C%20where%20type_id%20==%20SIGN:OUTBOUND-CONNECTIONS (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 503 Service Unavailable')))"

    I am able to request API in postman but In SOAR getting proxy timeout error.

    Kindly let me know how to resolve this.



    ------------------------------
    Swapnil Software Engineer
    ------------------------------


  • 2.  RE: Receving Proxy timeout error while using custom call Rest-API in IBM resilient SOAR

    Posted Wed December 20, 2023 10:39 AM

    Hi Swapnil, 

    I have raised the issue with the team.

    They should be reaching out to you subsequently.

    John



    ------------------------------
    John Quirke
    ------------------------------

    Original Message


  • 3.  RE: Receving Proxy timeout error while using custom call Rest-API in IBM resilient SOAR

    Posted Wed December 20, 2023 11:25 AM

    Hi Swapnil -

    Could you please share a bit more on your configuration?

    • Are you running this app on App Host/Edge Gateway?
      • If so, do you have access to the AppHost machine, and can you send the result of running manageAppHost showconfig on that machine?
    • If not App Host, are you running on an integration server?
      • Do you have any *_PROXY variables set in the environment
    • Regardless of app host vs. integration server, do you have any proxy settings set in the app.config for this app?

    Finally, you are using the deprecated app "Utility Functions for SOAR." You'll notice that this app has been replaced by smaller apps, including the new app "REST API Functions for IBM QRadar SOAR" which will be getting various updates over the next months and ongoing to resolve any possible bugs. I do not think that this is a case where switching will resolve anything, but I do recommend that you switch to that app as soon as you can. You can see the list of replacement apps for the Utility Functions app at: https://exchange.xforce.ibmcloud.com/hub/extension/2b6699ac8a3976b67dfbddee26dbe3a5

    Please do share with me what you can regarding the above configuration questions and we will attempt to get to the bottom of your issue and hopefully resolve it quickly. Thank you!



    ------------------------------
    Bo Bleckel
    ------------------------------

    Original Message