I just installed the QRadar SDK v2.0.2. Our QRadar instance is the AWS 7.4.1 AMI upgraded to FixPack 2. I was able to successfully create a new app workspace with the qapp create command. But running the qapp deploy command gives me the following error: Failed to establish a new connection
Here is the full output:
➜ qradar-test-app git:(master) ✗ qapp deploy -p test-app.zip -u {my-qradar-user} -q {my-public-ip}
Please enter password for user {my-qradar-user}:
Request to host ip-{my-private-ip}.us-west-2.compute.internal failed:
HTTPSConnectionPool(host='ip-{my-private-ip}.us-west-2.compute.internal', port=443): Max retries exceeded with url: /api/gui_app_framework/applications (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7fc43007cb50>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known'))
The main thing that looks off is how it tries to connect to the private DNS for our QRadar instance, even when providing the public IP in the deploy command. I've only ever provided the SDK the public IP of our instance, so I'm not sure where it even found the private DNS. Is there a configuration setting in our QRadar instance that sets what the SDK tries to connect to? Is there any other step we may have missed?
Here is the output from the first time I ran the command, in case I'm missing a step:
qapp deploy -p test-app.zip -u {my-qradar-user} -q {my-public-ip}
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
No CA certificate bundle found for {my-public-ip}
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
To enable verification of server certificates, the CA certificate bundle must be downloaded from the server
Do you wish to proceed with the CA certificate bundle download? [Y/n]: Y
Please answer the following questions detailing how to connect to the server
Do you use a SOCKS proxy to connect to the server? [y/N]: N
Enter user ID for connecting to the server [root]: {my-ssh-user}
Enter {my-public-ip} password for user {my-ssh-user}:
Initialising transfer of CA certificate bundle from server, please wait...
100%|##############################################################################################| 226k/226k [00:01<00:00, 193kb/s]
Transfer complete
CA certificate bundle for {my-public-ip} saved to /Users/{my-local-user}/.qradar_app_sdk/{my-public-ip}/ca-bundle.crt
Please enter password for user {my-qradar-user}:
Request to host ip-{my-private-ip}.us-west-2.compute.internal failed:
HTTPSConnectionPool(host='ip-{my-private-ip}.us-west-2.compute.internal', port=443): Max retries exceeded with url: /api/gui_app_framework/applications (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7ffb1733dcd0>: Failed to establish a new connection: [Errno 8] nodename nor servname provided, or not known'))
------------------------------
Wesley Agena
------------------------------