IBM Security QRadar SOAR

  • 1.  Execute Shell Commands using Resilient

    Posted Tue March 02, 2021 04:01 AM
    Hi Team,

    We want to execute shell commands using a Resilient function. We have the fn_utilities function available in our Resilient platform. It appears that there is a provision to execute shell commands using the utilities function. However, even after checking the documentation of the utilities function, we are unable to execute the ssh command.

    For example,
    we have a test server, xx.xx.xx.71, in our network where, let's say, we want to execute the ls command (to test how the shell command gets executed). For that, we edited the app.config file on our resilient-circuits server (xx.xx.xx.61). But that doesn't seem to be helping.

    Can you help us in executing shell commands using the Resilient workflows? It would be highly appreciated.

    I hope the question is understandable. Please let me know if there are any issues.


    Thanks,

    Akhilesh Deshmukh,
    SecurityHQ

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------


  • 2.  RE: Execute Shell Commands using Resilient

    Posted Wed March 03, 2021 07:38 AM
    Can you post some details about the troubles you are having? Are there errors? Can you show how you have configured the Function inputs?

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Execute Shell Commands using Resilient

    Posted Mon March 08, 2021 04:29 AM
    Hi Ben,

    I am trying to execute the "ls -alh" command on the remote computer just to check how the remote shell command execution works. Below is the screenshot for reference. Please let me know if this is incorrectly configured.



    Also, this is how the function has been configured in Resilient. Refer to the screenshot below.






    After execution of the workflow, I am receiving the error below.


    ==========================================================================================================================

    I am unable to understand exactly what I am missing to configure this properly. Please kindly help with this.


    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------



  • 4.  RE: Execute Shell Commands using Resilient

    Posted Mon March 08, 2021 09:17 AM
    Using the Google keywords 'ibm resilient fn_utilities remote command' I was able to find this: file:///Users/blurie@us.ibm.com/Downloads/fn_utilities-v1.0.10.pdf which contains the following examples:



    Hopefully that helps.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 5.  RE: Execute Shell Commands using Resilient

    Posted Tue March 09, 2021 12:35 AM
    Hi Ben,

    Thanks for your response. I have gone through the documentation for fn_utilities. I have performed the steps in the same way as given in the documentation.
    You can see the steps in the screenshots above.

    However, it is not helping us to execute the shell command remotely. Is there any way I can get any help with this issue? I opened a ticket with IBM support; however, they asked me to direct this question to the community instead.


    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------



  • 6.  RE: Execute Shell Commands using Resilient

    Posted Tue March 09, 2021 04:20 AM
    Hi Ben,

    I was able to successfully execute shell commands on the local as well as the remote computer from Resilient. The output of the command executed is added as an Incident Note. However, I am facing one issue now. I am not able to get the exitcode. Please check the screenshot below.



    This is the post-process script I am using in the workflow.



    Since the exitcode is not '0', we are receiving a Command failed response. However, the command specified is properly getting executed.

    For example,
    in the above case, I executed touch /home/test.txt on the remote computer to create the test.txt file in the home directory.
    After executing the workflow, the test.txt file was successfully generated; however, since the exitcode was not equal to '0', we are receiving a Command failed response.

    Do you have any idea why the exitcode is not being received even after successful execution of the command? Any help would be appreciated.


    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------



  • 7.  RE: Execute Shell Commands using Resilient

    Posted Tue March 09, 2021 07:06 AM
    You can see in the first screenshot the exitcode is 'None'. The script is checking results.exitcode == 0 which does not evaluate to 'True'. Try switching the check to results.exitcode == 0 or results.exitcode is None.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 8.  RE: Execute Shell Commands using Resilient

    Posted Tue March 09, 2021 07:35 AM
    Hi Ben,

    I got your point. The post-processing script can be changed to handle the exitcode which is coming as None. But I am trying to figure out why the exitcode is not getting generated even after successful execution of the command.

    If we change the post-processing script to handle the None value, then how can we get to know when there is an actual error while executing the remote shell command? The output should return 0 (success) or 1 (fail). However, it is returning None.

    I need to figure this out. Thanks for your help though.

    Thanks,

    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------
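
Added example (not part of the thread and not fn_utilities code): one way a post-process check can keep a missing exit code from being counted as success, which is the concern raised in the post above. It goes beyond the thread by having the remote shell print its own status; the `__RC=` marker, `wrap_command`, `classify` and the dict form of `results` (keys `exitcode`, `stdout`) are assumptions made for illustration.

```python
import re

# Hypothetical sentinel: the remote shell prints its own exit status on the
# last line of stdout, so the status survives even if the function's
# exitcode field comes back as None.
RC_MARKER = re.compile(r"^__RC=(\d{1,3})\s*$", re.MULTILINE)


def wrap_command(cmd):
    """Append the sentinel; "$?" is expanded to cmd's status before printf runs."""
    return cmd + "; printf '\\n__RC=%s\\n' \"$?\""


def classify(results):
    """Return (state, exit_code) with state in success / failed / unknown.

    `results` is assumed to be a dict with `exitcode` and `stdout` keys.
    A missing exit code is never counted as success (fail closed).
    """
    code = results.get("exitcode")
    if isinstance(code, bool) or not isinstance(code, int):
        found = RC_MARKER.findall(results.get("stdout") or "")
        if not found:
            return ("unknown", None)
        code = int(found[-1])  # sentinel is printed last, so trust the last match
    return ("success" if code == 0 else "failed", code)


# Constructed sample results (not taken from the thread's screenshots).
SAMPLES = {
    "reported ok": {"exitcode": 0, "stdout": "test.txt\n"},
    "recovered ok": {"exitcode": None, "stdout": "\n__RC=0\n"},
    "recovered failure": {"exitcode": None, "stdout": "\n__RC=1\n"},
    "no status at all": {"exitcode": None, "stdout": "test.txt\n"},
}

if __name__ == "__main__":
    print(wrap_command("touch /home/test.txt"))
    for name, res in sorted(SAMPLES.items()):
        print(name, classify(res))
```

An "unknown" result is best written to the incident note for analyst review rather than mapped to either outcome.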



  • 9.  RE: Execute Shell Commands using Resilient

    Posted Tue February 14, 2023 07:48 AM

    How did you manage to cause the command to be called remotely on the Linux machine so that this error does not appear to you? I have the same problem.



    ------------------------------
    Marcin Sołtys
    ------------------------------