IBM Security QRadar SOAR

 View Only
  • 1.  Integration Apps do not work properly

    Posted Wed February 12, 2020 07:59 AM
    Hi,

    I have some apps installed on Integration server and I keep getting these errors:

    Apility:
    FunctionException_: <Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\urllib3\connection.py", line 160, in _new_conn (self._dns_host, self.port), self.timeout, **extra_kw) File "c:\program files\python36\lib\site-packages\urllib3\util\connection.py", line 57, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "c:\program files\python36\lib\socket.py", line 745, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno 11001] getaddrinfo failed During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 603, in urlopen chunked=chunked) File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 344, in _make_request self._validate_conn(conn) File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 843, in _validate_conn conn.connect() File "c:\program files\python36\lib\site-packages\urllib3\connection.py", line 316, in connect conn = self._new_conn() File "c:\program files\python36\lib\site-packages\urllib3\connection.py", line 169, in _new_conn self, "Failed to establish a new connection: %s" % e) urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x0000021033AADE48>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\requests\adapters.py", line 449, in send timeout=timeout File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 641, in urlopen _stacktrace=sys.exc_info()[2]) File "c:\program files\python36\lib\site-packages\urllib3\util\retry.py", line 399, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.apility.net', port=443): Max retries exceeded with url: /v2.0/ip/172.17.4.133 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x0000021033AADE48>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed',)) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\fn_apility\components\function_apility.py", line 43, in _fn_apility_function response = requests.get(url, headers=HEADERS) File "c:\program files\python36\lib\site-packages\requests\api.py", line 75, in get return request('get', url, params=params, **kwargs) File "c:\program files\python36\lib\site-packages\requests\api.py", line 60, in request return session.request(method=method, url=url, **kwargs) File "c:\program files\python36\lib\site-packages\requests\sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "c:\program files\python36\lib\site-packages\requests\sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "c:\program files\python36\lib\site-packages\requests\adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='api.apility.net', port=443): Max retries exceeded with url: /v2.0/ip/172.17.4.133 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x0000021033AADE48>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed',)) > File "c:\program files\python36\lib\site-packages\circuits\core\manager.py", line 856, in processTask raise value.extract() File "c:\program files\python36\lib\site-packages\resilient_circuits\actions_component.py", line 70, in _on_task yield result.get() File "c:\program files\python36\lib\multiprocessing\pool.py", line 644, in get raise self._value File "c:\program files\python36\lib\multiprocessing\pool.py", line 119, in worker result = (True, func(*args, **kwds)) File "c:\program files\python36\lib\site-packages\resilient_circuits\decorators.py", line 97, in _call_the_task raise val

    Hibp:
    FunctionException_: <Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\urllib3\connection.py", line 160, in _new_conn (self._dns_host, self.port), self.timeout, **extra_kw) File "c:\program files\python36\lib\site-packages\urllib3\util\connection.py", line 57, in create_connection for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM): File "c:\program files\python36\lib\socket.py", line 745, in getaddrinfo for res in _socket.getaddrinfo(host, port, family, type, proto, flags): socket.gaierror: [Errno 11001] getaddrinfo failed During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 603, in urlopen chunked=chunked) File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 344, in _make_request self._validate_conn(conn) File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 843, in _validate_conn conn.connect() File "c:\program files\python36\lib\site-packages\urllib3\connection.py", line 316, in connect conn = self._new_conn() File "c:\program files\python36\lib\site-packages\urllib3\connection.py", line 169, in _new_conn self, "Failed to establish a new connection: %s" % e) urllib3.exceptions.NewConnectionError: <urllib3.connection.VerifiedHTTPSConnection object at 0x0000021033ABAA90>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\requests\adapters.py", line 449, in send timeout=timeout File "c:\program files\python36\lib\site-packages\urllib3\connectionpool.py", line 641, in urlopen _stacktrace=sys.exc_info()[2]) File "c:\program files\python36\lib\site-packages\urllib3\util\retry.py", line 399, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='haveibeenpwned.com', port=443): Max retries exceeded with url: /api/v2/breachedaccount/magost@mnb.hu (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x0000021033ABAA90>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed',)) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "c:\program files\python36\lib\site-packages\fn_hibp\components\have_i_been_pwned_get_breaches.py", line 63, in _have_i_been_pwned_get_breaches_function proxies=self.PROXIES) File "c:\program files\python36\lib\site-packages\requests\api.py", line 75, in get return request('get', url, params=params, **kwargs) File "c:\program files\python36\lib\site-packages\requests\api.py", line 60, in request return session.request(method=method, url=url, **kwargs) File "c:\program files\python36\lib\site-packages\requests\sessions.py", line 533, in request resp = self.send(prep, **send_kwargs) File "c:\program files\python36\lib\site-packages\requests\sessions.py", line 646, in send r = adapter.send(request, **kwargs) File "c:\program files\python36\lib\site-packages\requests\adapters.py", line 516, in send raise ConnectionError(e, request=request) requests.exceptions.ConnectionError: HTTPSConnectionPool(host='haveibeenpwned.com', port=443): Max retries exceeded with url: /api/v2/breachedaccount/magost@mnb.hu (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x0000021033ABAA90>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed',)) > File "c:\program files\python36\lib\site-packages\circuits\core\manager.py", line 856, in processTask raise value.extract() File "c:\program files\python36\lib\site-packages\resilient_circuits\actions_component.py", line 70, in _on_task yield result.get() File "c:\program files\python36\lib\multiprocessing\pool.py", line 644, in get raise self._value File "c:\program files\python36\lib\multiprocessing\pool.py", line 119, in worker result = (True, func(*args, **kwds)) File "c:\program files\python36\lib\site-packages\resilient_circuits\decorators.py", line 97, in _call_the_task raise val
    02/12/2020 13:14:37
    Information
    starting...

    Whois:
    Completed
    02/12/2020 13:30:09
    Information
    Encountered exception when sending query. Reason Socket error: 403: Tunnel or SSL Forbidden [*] Note: The HTTP proxy server may not be supported by PySocks (must be a CONNECT tunnel proxy)
    02/12/2020 13:30:09
    Information
    Config option found for proxies. Attempting to setup with proxy.
    02/12/2020 13:30:09
    Information

    X-Force:
    Example: X-Force Query Collection(s) - X-Force Utilities: Query Collection
    Completed
    02/12/2020 13:04:56
    Information
    Completed
    02/12/2020 13:04:59
    Information
    Finished function; Success:False
    02/12/2020 13:04:58
    Information
    Starting
    starting...

    It must be some proxy issue but we cannot find out what.

    Also when we try to run an app's query where would te connection start? From Resilient or the Integration server? We cannot see anything of these on the proxy.

    Thank you.

    Regards,
    Adam

    ------------------------------
    Adam
    ------------------------------


  • 2.  RE: Integration Apps do not work properly

    Posted Fri April 24, 2020 07:16 AM
    Hi Adam,

    This issue was resolved in a case, thanks for reaching out.


    Kind regards,

    ------------------------------
    Sean OGorman
    ------------------------------