Hi Ben,
Thanks for the reply.
Now I see in the app.log this script is doing POST on resilient server URL itself.
I can see that function is working as selected fields are shown in below logs. Now I need to figure out how to POST this data in ITSM tool by calling manage engine rest API.
It would be helpful if you can share documentation to achieve this. Sorry for asking silly questions, I am very new to this product as well as python.
2020-07-13 13:59:10,754 INFO [funct_testing_integration_function] incident_id: 9188
2020-07-13 13:59:10,754 INFO [funct_testing_integration_function] description: None
2020-07-13 13:59:10,754 DEBUG [actions_component] Reset idle timer
2020-07-13 13:59:10,754 DEBUG [connectionpool] Resetting dropped connection: resilient.localdomain
2020-07-13 13:59:10,879 DEBUG [connectionpool]
https://resilient.localdomain:443 "POST /rest/orgs/201http://manageenginesdpurl/sdpapi/request?TECHNICIAN_KEY=xxxxxxxxxxxxxxxxxxxxxxxxx&format=json HTTP/1.1" 500 None
2020-07-13 13:59:10,973 ERROR [actions_component] <task[functionworker] (<function function.__call__.<locals>.decorated.<locals>._call_the_task at 0x0000018117AE84C0>, <testing_integration_function[functions.testing_integration_function] (id=33, workflow=testing_integration_workflow, user=
admin@resilient.com) 2020-07-13 08:29:10.058000> incident_id=9188)> (<class 'resilient_circuits.action_message.FunctionException_'>):
Traceback (most recent call last):
File "c:\Python\lib\site-packages\resilient\co3.py", line 346, in post
response = super(SimpleClient, self).post(uri, payload, co3_context_token, timeout)
File "c:\Python\lib\site-packages\resilient\co3base.py", line 351, in post
BasicHTTPException.raise_if_error(response)
File "c:\Python\lib\site-packages\resilient\co3base.py", line 62, in raise_if_error
raise BasicHTTPException(response)
resilient.co3base.BasicHTTPException: Internal Server Error: {"success":false,"title":null,"message":"Internal Server Error","hints":[],"error_code":"generic"}
------------------------------
Bhaskar Chourasiya
------------------------------
Original Message:
Sent: Mon July 13, 2020 05:31 AM
From: BEN WILLIAMS
Subject: Resilient integration with Manage engine SDP
In the case you opened with a colleague we saw the URI being used to POST to was malformed and looked to be a mix of the Resilient address and another, presumably the ITSM application. Resilient is sending back an HTTP 500 because it doesn't recognise what you are sending it.
Take a look at the contents of the Resilient Circuits app.log and /usr/share/co3/logs/client.log for the time.
Be aware that IBM Resilient support cannot assist with custom code such as this. The community is one place to get assistance otherwise Security Expert Labs may be able to provide you with a paid for service.
------------------------------
BEN WILLIAMS
Original Message:
Sent: Mon July 13, 2020 05:03 AM
From: Bhaskar Chourasiya
Subject: Resilient integration with Manage engine SDP
Hi All,
There are some progress that we have made during the troubleshooting this issue.
Now we are able to fix the issue related script but still could not accomplish the end result.
We change the script as attached and now are getting below error while running the menu item rule that we have created to associated task.
Guys hoping for at least a clue to resolve this issue. @Ben Lurie, @BEN WILLIAMS, @Vítor Fagundes Alves Nogueira, tagged based on previous discussion answers.
"Traceback (most recent call last): File "c:\Python\lib\site-packages\resilient\co3.py", line 346, in post response = super(SimpleClient, self).post(uri, payload, co3_context_token, timeout) File "c:\Python\lib\site-packages\resilient\co3base.py", line 351, in post BasicHTTPException.raise_if_error(response) File "c:\Python\lib\site-packages\resilient\co3base.py", line 62, in raise_if_error raise BasicHTTPException(response) resilient.co3base.BasicHTTPException: Internal Server Error: {"success":false,"title":null,"message":"Internal Server Error","hints":[],"error_code":"generic"} During handling of the above exception, another exception occurred: Traceback (most recent call last): File "C:\Python\Scripts\testing_process\testing_process\components\funct_testing_integration_function.py", line 55, in _testing_integration_function_function self.rest_client().post(new_artifact_uri,payload=jsonData) File "c:\Python\lib\site-packages\resilient\co3.py", line 348, in post _raise_if_error(ex.get_response()) File "c:\Python\lib\site-packages\resilient\co3.py", line 211, in _raise_if_error raise SimpleHTTPException(response) resilient.co3.SimpleHTTPException: Internal Server Error: {"success":false,"title":null,"message":"Internal Server Error","hints":[],"error_code":"generic"}"
Thanks,
------------------------------
Bhaskar Chourasiya
Original Message:
Sent: Fri July 10, 2020 04:36 AM
From: Bhaskar Chourasiya
Subject: Resilient integration with Manage engine SDP
Hi Team,
I'm very new to the IBM resilient and starting SOAR from this tool only.
Also didn't have much knowledge of python.
Problem: I am trying to escalate resilient incident to ITSM tool (Manage Engine SDP) but it's not working as I planned.
I have followed the below link while doing this custom integration.
https://community.ibm.com/community/user/security/viewdocument/replay-resilient-developers-corn?CommunityKey=d2f71e8c-108e-4652-b59c-29d61af7163e&tab=librarydocuments
I have created all the resilient components and packaged all the components by using codegen.
Provided exact path of component directory in app.config file.
To the configuration, I ran the resilient circuit in debug mode and executed menu item rule while running the rule getting below error.
2020-07-10 12:31:45,841 ERROR [actions_component] <task[functionworker] (<function function.__call__.<locals>.decorated.<locals>._call_the_task at 0x00000153DD117550>, <testing_integration_function[functions.testing_integration_function] (id=33, workflow=testing_integration_workflow, user=admin@testing.com) 2020-07-10 07:01:56.436000> incident_id=9188)> (<class 'resilient_circuits.action_message.FunctionException_'>):
Traceback (most recent call last):
File "C:\Python\Scripts\testing_process\testing_process\components\funct_testing_integration_function.py", line 46, in _testing_integration_function_function
jsonData = json.dumps(requestinside) # Post a new artifact to the incident, using the provided REST API client
NameError: name 'json' is not defined
Also attaching the script that is being used in integration and looking forward for any help from experts.
Thanks,
Bhaskar Chourasiya
------------------------------
Bhaskar Chourasiya
------------------------------