IBM Security QRadar SOAR

  • 1.  How to setup virtual environments integration server for each APP/Plugin - SOAR

    Posted Fri September 16, 2022 10:50 AM
    I have an integration server that is running some functions downloaded through xforce exchange hub, but when someone installs a new function, it may occur that the resilient_circuits service keeps crashing/restarting after the new package has been installed, because some dependencies needed by the function can have some type of conflict with others. And the problem is solved by uninstalling all the packages that were installed by the "pip install". What's the best way to set up a virtual environment for each plugin/app on my integration server?

    ------------------------------
    Charles Sousa
    ------------------------------


  • 2.  RE: How to setup virtual environments integration server for each APP/Plugin - SOAR

    Posted Mon September 19, 2022 10:23 AM
    Edited by Richard Giesige Mon September 19, 2022 10:24 AM

    Charles,


    I would highly recommend doing an app host as it makes it much easier to manage in the long run. (https://www.ibm.com/support/pages/build-your-first-qradar-soar-custom-integration-using-app-host) Or even looking at doing Docker if you can't set up their app host, as it makes the isolation and maintenance much easier.

    If you cannot do an app host then you will need to set up a virtual environment the standard way using venv and then have a custom cron/systemd service that calls a bash file's full path for each app/plugin.

    Something like this would have to be done in each specific bash file that you would call for each app:
    Bash (app1.sh) file:

    source /home/username/Workspace/venv1/bin/activate  
    python /home/username/Workspace/python/resilient-circuits.py


    ------------------------------
    Richard Giesige
    Security Engineer
    Oshkosh Corporation
    Oshkosh
    ------------------------------



  • 3.  RE: How to setup virtual environments integration server for each APP/Plugin - SOAR

    Posted Wed September 21, 2022 09:24 AM
    Hi Richard, I can't do an app host right now. In your second option, there will be multiple resilient circuits services running at the same time, right? So do I have to activate a virtual env, run the service and deactivate, or can I leave multiple envs active?

    ------------------------------
    Charlie
    ------------------------------



  • 4.  RE: How to setup virtual environments integration server for each APP/Plugin - SOAR

    Posted Mon September 26, 2022 02:23 PM
    Charlie,

    You can leave the virtual environments running in my experience. 

    You can do it via systemd or cron job or Docker/Podman. (If you are uncomfortable with cron/systemd, I would highly recommend running Docker/Podman because Apphost is just docker files so it's really easy to get up and running.)

    In my experience, running it as systemd has worked better and it restarts better on system startup/shutdown/restart.

    Stack Overflow (Because I don't want to write it all out) - https://stackoverflow.com/questions/37211115/how-to-enable-a-virtualenv-in-a-systemd-service-unit

    Let me know if you want to talk about it over a virtual meeting or anything. 

    I don't work for IBM so this is just my experience running resilient circuits in multiple ways.

    ------------------------------
    Richard Giesige
    Security Engineer
    Oshkosh Corporation
    Oshkosh
    ------------------------------
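
The venv-per-app systemd setup described in the replies above, as an added example that is not part of the thread and not IBM's own code. The directory layout, the `integration` account and the function names are assumptions; `APP_CONFIG_FILE` and `APP_LOCK_FILE` are the environment variables resilient-circuits reads for its config and lock file.

```shell
#!/bin/sh
# Added example (not from the thread): one venv and one systemd unit per app.
# Assumed layout (hypothetical): $BASE/<app>/venv and $BASE/<app>/app.config
BASE="${BASE:-/home/integration/apps}"   # assumed base directory
RUN_AS="${RUN_AS:-integration}"          # assumed unprivileged service account

# Reject names that could escape $BASE or inject lines into the unit file.
valid_app_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create the app's private venv and install only that app's package into it,
# so its dependencies cannot conflict with those of any other app.
make_venv() {   # usage: make_venv <app> <pip-package-or-archive>
    valid_app_name "$1" || { echo "bad app name: $1" >&2; return 1; }
    python3 -m venv "$BASE/$1/venv" &&
    "$BASE/$1/venv/bin/pip" install resilient-circuits "$2"
}

# Print a unit file for the app. ExecStart points at the venv's own
# resilient-circuits entry point, so no "source activate" step is needed.
render_unit() { # usage: render_unit <app>
    valid_app_name "$1" || { echo "bad app name: $1" >&2; return 1; }
    cat <<EOF
[Unit]
Description=resilient-circuits for $1
After=network-online.target

[Service]
Type=simple
User=$RUN_AS
WorkingDirectory=$BASE/$1
Environment=APP_CONFIG_FILE=$BASE/$1/app.config
Environment=APP_LOCK_FILE=$BASE/$1/resilient_circuits.lockfile
ExecStart=$BASE/$1/venv/bin/resilient-circuits run
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF
}
```

Write the output of `render_unit <app>` to a unit file under `/etc/systemd/system/`, then run `systemctl daemon-reload` and `systemctl enable --now` on it. Each service then runs from its own venv with its own config and lock file.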



  • 5.  RE: How to setup virtual environments integration server for each APP/Plugin - SOAR

    Posted Wed September 21, 2022 05:38 AM
    Following as I have this problem too.

    ------------------------------
    mohamad islam hamadieh
    ------------------------------



  • 6.  RE: How to setup virtual environments integration server for each APP/Plugin - SOAR

    Posted Wed September 21, 2022 09:27 AM
    Hey, I was following this doc, but it's not all clear to me. https://www.ibm.com/docs/en/sqsp/35?topic=c-configuring-multiple-circuits-optional

    ------------------------------
    Charlie
    ------------------------------