IBM Security QRadar SOAR


Using more than one organisation in integration server

  • 1.  Using more than one organisation in integration server

    Posted Mon October 21, 2019 03:41 AM

    Hi,

    I want to use more than one organisation in Resilient, but I need to know how I can use multiple organisations in the config file. We don't have an MSSP license. Any help or documentation would be appreciated.

    [resilient]
    # Basic service connection
    host=
    #host=resilient.localdomain
    port=443
    email=
    password=^resilient_password
    org=SOC

    # Actions Module connection
    #stomp_port=65001

    # Directory containing additional components to load
    componentsdir=components
    # Existing directory to write logs to, or set with $APP_LOG_DIR
    logdir=logs
    logfile=app.log
    loglevel=INFO

    # If your Resilient server uses a self-signed TLS certificate, or some
    # other certificate that is not automatically trusted by your machine,
    # you need to explicitly tell the Python scripts that it should be trusted.
    # If you don't want to use a cert you can set cafile=false.
    # To explicitly trust a site, download its certificate to a file, e.g:
    # mkdir -p ~/.resilient
    # openssl s_client -connect resilient.example.com:443 -showcerts < /dev/null 2> /dev/null | openssl x509 -outform PEM > ~/.resilient/cert.cer
    # then specify the file (remove the '#' from the line below):
    #cafile=~/.resilient/cert.cer
    cafile=false

    ------------------------------
    Jasmine
    ------------------------------


  • 2.  RE: Using more than one organisation in integration server

    Posted Mon October 21, 2019 06:06 AM
    Hi Jasmine,

    You will need to run a Resilient circuits instance for each organisation in Resilient.

    This can be achieved in several ways, including:

    1. Running a separate integration server for each organisation.
    or
    2. Running multiple instances of Resilient circuits on the same server using Python virtual environments, with an instance for each organisation.

    For option 2 above, Python virtual environments can be managed by environment management tools such as virtualenv or pipenv.

    You will also need to specify separate config files for this option. This can be achieved by using the Resilient circuits option --config-file.

    e.g.
       resilient-circuits run --config-file <path_to_config_file>/app.config

    Regards,
    John

    ------------------------------
    JOHN PRENDERGAST
    ------------------------------
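
An added sketch for option 2, not part of the original thread and not IBM's code: it audits one app.config per organisation before the instances are started, flagging reused `org` values, shared log paths, `cafile=false` and config files readable by other users, and returns the `resilient-circuits run --config-file` command for each file. The function names, file names and sample values are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile

def audit_org_configs(paths):
    """Return (commands, findings) for a set of per-organisation app.config files."""
    commands, findings, orgs, logs = [], [], {}, {}
    for path in paths:
        cp = configparser.ConfigParser(interpolation=None)
        cp.read(path)
        if not cp.has_section("resilient"):
            findings.append(f"{path}: no [resilient] section")
            continue
        sec = cp["resilient"]
        org = sec.get("org", "").strip()
        if not org:
            findings.append(f"{path}: org is empty")
        elif org in orgs:
            findings.append(f"{path}: org {org!r} is already served by {orgs[org]}")
        orgs.setdefault(org, path)
        # Instances started from one directory with the same relative
        # logdir/logfile would write to the same log.
        log = os.path.join(sec.get("logdir", ""), sec.get("logfile", ""))
        if log in logs:
            findings.append(f"{path}: log path {log!r} is shared with {logs[log]}")
        logs.setdefault(log, path)
        # cafile=false turns off TLS certificate verification.
        if sec.get("cafile", "").strip().lower() == "false":
            findings.append(f"{path}: cafile=false disables certificate verification")
        # The file holds connection credentials; keep it owner-only.
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{path}: readable by group or others")
        commands.append(f"resilient-circuits run --config-file {path}")
    return commands, findings

def write_sample(directory, name, org, cafile, mode):
    """Write a constructed sample config (values are made up for the demo)."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(f"[resilient]\nhost=resilient.example.com\nport=443\n"
                 f"org={org}\nlogdir=logs\nlogfile=app.log\ncafile={cafile}\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        cfgs = [write_sample(d, "soc.config", "SOC", "false", 0o644),
                write_sample(d, "it.config", "IT", "~/.resilient/cert.cer", 0o600)]
        cmds, issues = audit_org_configs(cfgs)
        print("\n".join(cmds + issues))
```

Log paths are compared as written in each file, so the shared-log finding assumes the instances are started from the same working directory.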