IBM Security QRadar SOAR

I have a question about the meanings of the proxy settings for AppHost about the following URL:
There two proxy settings are mentioned in the page.

(1) 1. At the system hosting the App Host, edit the file /etc/systemd/system/k3s.service.env and set the following environment variables:

On the above page, there are no specific descriptions for what purposes to set those proxy settings.

My guesses are:

1. is used by k3s to connect to public repository (quay.io)
5. is used by AppHost pods to connect to SaaS version of Resilient.

Are they right?

------------------------------
Yohji Amano
------------------------------

Hello, you are quite correct!  There are actually 3 components that need to be configured for proxy use, and we hope to clarify this in the next release of documentation.

1. At the system hosting the App Host, edit the file /etc/systemd/system/k3s.service.env and set the following environment variables:

Yes, this is for k3s to connect to its public repositories to pull down its system containers and to pull down the app containers from quay.io.  That is why after you set this up, you should run
sudo kubectl get pods -n kube-system

And verify that the system pods are all Running or Completed.  If they remain in ContainerCreating or a failure state, then likely there is an issue with the proxy configuration.

2.

Absolutely correct. This is used by the AppHost "logic" pods to connect to Resilient.

3. The last component that needs to be configured is the individual Apps running in AppHost containers themselves.  This is configured through app.config file.  Most apps can be configured like so:

[integrations] # To override, add any parameter to your specific integration section
http_proxy=<PROXY URL>
https_proxy=<PROXY URL>
timeout=120

There are a few exceptions I believe, and there also a few apps that do not have proxy support yet. 

------------------------------
Howard Lu
------------------------------

Original Message:
Sent: Mon September 07, 2020 10:29 AM
From: Yohji Amano
Subject: Question about proxy settings for AppHost

I have a question about the meanings of the proxy settings for AppHost about the following URL:

https://www.ibm.com/support/knowledgecenter/en/SSBRUQ_37.0.0/doc/apps/proxy.html

There two proxy settings are mentioned in the page.

(1) 1. At the system hosting the App Host, edit the file /etc/systemd/system/k3s.service.env and set the following environment variables:

HTTP_PROXY=<proxy>

HTTPS_PROXY=<proxy info>

NO_PROXY=<localhost and other ips that don't need proxy>

(2) 5. To configure the App Host to connect through the proxy, run the following command to specify the proxy.

manageAppHost proxy --proxy-url <http://URL:port# of proxy>

On the above page, there are no specific descriptions for what purposes to set those proxy settings.

My guesses are:

1. is used by k3s to connect to public repository (quay.io)
5. is used by AppHost pods to connect to SaaS version of Resilient.

Are they right?

------------------------------
Yohji Amano
------------------------------