IBM QRadar


Unable to connect to QRadar API from AQL custom function on 7.4.x

  • 1.  Unable to connect to QRadar API from AQL custom function on 7.4.x

    Posted Fri February 05, 2021 09:12 AM

    Hi,

    We are facing a problem with our custom QRadar AQL function on QRadar version 7.4.1. We have a set of AQL functions fetching additional data from the QRadar API.

    In the function body we are using the suggested HTTP call from the documentation. Until version 7.4.1 everything worked fine. On version 7.4.1 we are receiving errors with the message: Connection refused. It looks like from version 7.4.1 the QRadar AQL function environment lost the ability to connect to the QRadar API. Is this possible? Is it possible to allow this on version 7.4.1?



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Unable to connect to QRadar API from AQL custom function on 7.4.x

    Posted Tue February 09, 2021 07:24 PM

    Are your apps in QRadar functioning properly? If you see issues where applications start to behave incorrectly, do not display data, or do not render in the user interface, it could be a certificate issue that is preventing the API from connecting to the Console.

    It might also be a Tomcat issue: if the appliance is resource starved, it might have issues listening for connections. However, as mentioned, you would likely see issues in your applications or other product areas.

    Questions:

    1. Can you curl the QRadar API? Normally, these issues are network change related.
    2. Do you have your own self-signed certificate used to log in to the QRadar Console? You might request that support runs the certValidator tool on your appliance to confirm an issue for you. This is a support-only tool, but might help pinpoint the issue.
    3. What endpoint are you attempting to query (/api/ariel), and have you tried other endpoints, and do they all fail with connection refused?
    4. Are application installs failing or are you having app issues? If you attempt to upgrade an app, will it upgrade for you?
    5. Is the Console in an HA pair? Are you attempting to contact the primary directly, or are you using the IP for the VIP (virtual IP assigned during HA configuration)? You might need to confirm that you aren't attempting to reach the Standby appliance vs the Active. The VIP should always send you to the Active Console in an HA pair.

    If you are seeing issues with multiple apps, along with API issues, there might be a cert problem going on and it might need to be reset within QRadar. This would be a valid support case as API issues are impacting functionality for your applications.



    #QRadar
    #Support
    #SupportMigration
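
A triage sketch for the questions in the reply above, added here as an example and not part of the thread or of IBM's tooling: it requests the `/api/ariel` path over verified HTTPS and reports whether the failure is a TCP-level "Connection refused", a certificate rejection, a timeout, or an HTTP-level response. The host names, the `classify` and `probe` helpers and the choice of Python are assumptions; `SEC` is the header QRadar uses for authorized-service tokens.

```python
import http.client
import socket
import ssl


def classify(exc):
    """Map a failed request to the layer that failed."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-cert"   # listener answered; certificate chain or hostname rejected
    if isinstance(exc, ssl.SSLError):
        return "tls-other"  # handshake failed for a non-certificate reason
    if isinstance(exc, ConnectionRefusedError):
        return "refused"    # nothing accepting connections on that IP and port
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"    # no answer within the timeout
    if isinstance(exc, socket.gaierror):
        return "dns"        # host name did not resolve
    return "other"


def probe(host, port=443, path="/api/ariel", token=None, timeout=5.0):
    """Send one verified HTTPS GET and return (category, detail)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    headers = {"Accept": "application/json"}
    if token:
        headers["SEC"] = token  # authorized-service token; never hard-code it
    conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    try:
        conn.request("GET", path, headers=headers)
        return ("http", conn.getresponse().status)
    except (OSError, http.client.HTTPException) as exc:
        return (classify(exc), str(exc))
    finally:
        conn.close()


if __name__ == "__main__":
    # Hypothetical names: probe the HA virtual IP and the primary separately,
    # because the reply asks which of the two is actually being contacted.
    for target in ("qradar-vip.example.test", "qradar-primary.example.test"):
        print(target, probe(target))
```

Any `("http", status)` result, including 401 or 404, means the TCP connection and TLS handshake succeeded, so the problem lies above the transport; `refused` points at the listener or the address being used, and `tls-cert` at the certificate questions in the reply.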