IBM Security QRadar SOAR

 View Only
  • 1.  ipinfo integration issue

    Posted Mon January 04, 2021 01:15 AM
    Facing issue in integrating with ipinfo.io. Below is the error in app logs. Any suggestions on how to resolve

    2021-01-04 11:54:49,178 ERROR [actions_component] <task[functionworker] (<function function.__call__.<locals>.decorated.<locals>._call_the_task at 0x7f68e40ecd90>, <fn_ipinfo_query_ip_address[functions.fn_ipinfo_query_ip_address] (id=75, workflow=example_query_ip_artifact_with_ipinfo, user=xyz) 2021-01-04 11:54:48.742000> ipinfo_query_ip='45.150.206.153')> (<class 'resilient_circuits.action_message.FunctionException_'>):
    Traceback (most recent call last):
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connection.py", line 160, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/util/connection.py", line 61, in create_connection
    for res in socket.getaddrinfo(host, port, family, socket.SOCK_STREAM):
    File "/usr/lib64/python3.6/socket.py", line 745, in getaddrinfo
    for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
    socket.gaierror: [Errno -2] Name or service not known

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connectionpool.py", line 677, in urlopen
    chunked=chunked,
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connectionpool.py", line 381, in _make_request
    self._validate_conn(conn)
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connectionpool.py", line 976, in _validate_conn
    conn.connect()
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connection.py", line 308, in connect
    conn = self._new_conn()
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connection.py", line 172, in _new_conn
    self, "Failed to establish a new connection: %s" % e
    urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPSConnection object at 0x7f68e40f3f28>: Failed to establish a new connection: [Errno -2] Name or service not known

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/opt/app-root/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/connectionpool.py", line 725, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
    File "/opt/app-root/lib/python3.6/site-packages/urllib3/util/retry.py", line 439, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
    urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='ipinfo.io', port=443): Max retries exceeded with url: /45.150.206.153 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f68e40f3f28>: Failed to establish a new connection: [Errno -2] Name or service not known',))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/opt/app-root/lib/python3.6/site-packages/fn_ipinfo/components/fn_ipinfo_query_ip_address.py", line 83, in _fn_ipinfo_query_ip_address_function
    details = ipinfo_handler.getDetails(ipinfo_query_ip)
    File "/opt/app-root/lib/python3.6/site-packages/ipinfo/handler.py", line 48, in getDetails
    raw_details = self._requestDetails(ip_address)
    File "/opt/app-root/lib/python3.6/site-packages/ipinfo/handler.py", line 99, in _requestDetails
    url, headers=self._get_headers(), **self.request_options
    File "/opt/app-root/lib/python3.6/site-packages/requests/api.py", line 76, in get
    return request('get', url, params=params, **kwargs)
    File "/opt/app-root/lib/python3.6/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
    File "/opt/app-root/lib/python3.6/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
    File "/opt/app-root/lib/python3.6/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
    File "/opt/app-root/lib/python3.6/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='ipinfo.io', port=443): Max retries exceeded with url: /45.150.206.153 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f68e40f3f28>: Failed to establish a new connection: [Errno -2] Name or service not known',))

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/opt/app-root/lib/python3.6/site-packages/fn_ipinfo/components/fn_ipinfo_query_ip_address.py", line 102, in _fn_ipinfo_query_ip_address_function
    if '404 Client Error' in e.args[0]:
    TypeError: argument of type 'MaxRetryError' is not iterable

    ------------------------------
    Sandeep Kothapalli
    ------------------------------


  • 2.  RE: ipinfo integration issue

    Posted Tue January 05, 2021 09:01 AM
    From this error:

    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='ipinfo.io', port=443): Max retries exceeded with url: /45.150.206.153 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f68e40f3f28>: Failed to establish a new connection: [Errno -2] Name or service not known',))

    It looks like the app server cannot make a network connection to ipinfo.io. I'd suggest testing the networking connections from the app server to the internet.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: ipinfo integration issue

    Posted Sun January 10, 2021 05:17 AM
    Thank you Ben.

    ------------------------------
    Sandeep Kothapalli
    ------------------------------