IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

Unable to connect the resilient circuit run

  • 1.  Unable to connect the resilient circuit run

    Posted Fri October 23, 2020 09:38 AM
    Hi All.

    We would like to request your assistance on this. We installed Resilient Integration Server to the machine same with Resilient Platform however when running the scrpt resilient-circuits run I encountered below error

    2020-10-23 21:23:55,405 WARNING [co3] Unverified HTTPS requests (cafile=false).

    2020-10-23 21:23:55,416 INFO [rest_helper] Retry 1:1 waiting 60 secs for Resilient connection

    2020-10-23 21:24:55,469 WARNING [co3] Unverified HTTPS requests (cafile=false).

    2020-10-23 21:24:55,476 INFO [filelock] Lock 140440841715048 released on /root/.resilient/resilient_circuits_lockfile

    Unable to lock /root/.resilient/resilient_circuits_lockfile: Exceeded retries: 1

    Thanks.



    ------------------------------
    Marc
    ------------------------------


  • 2.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 05:53 AM
    Hi Marc please verify that your resilient server is reachable and can be pinged.
    Please enable DEBUG level logging in app.config.
    Also not sure is this is your full log message as some detail may be missing.
    If you can share your app.config (remove sensitive info) might help us understand why you cant connect.
    Also please identify what version of resilient you are using and the user exists on that server ..

    ------------------------------
    John Quirke
    ------------------------------



  • 3.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 07:45 AM
    Hi John.

    Thanks for your help, We already now fixed this one this afternoon, the problem is the hostname is not in the /etc/hosts. Now I have faced another problem.

    I was unable to run the "/usr/local/bin/resilient-circuits run" but if i do this one "sudo /usr/local/bin/resilient-circuits run" I was able to run it.

    [integration@hostname .resilient]$ /usr/local/bin/resilient-circuits run

    Traceback (most recent call last):

      File "/usr/local/bin/resilient-circuits", line 7, in <module>

        from resilient_circuits.bin.resilient_circuits_cmd import main

    ModuleNotFoundError: No module named 'resilient_circuits'

    ------------------------------
    Marc Lainez
    ------------------------------



  • 4.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 12:18 PM
    Hi Marc 
    (sorry for delay in coming back to you)


    are you running from locally or inside a virtual environment ?

    which version of python are you running ? run which python ?
    run pip list and verify python modules installed ?
    run resilient-circuits list ? can you share output

    ------------------------------
    John Quirke
    ------------------------------



  • 5.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 11:45 PM
    ​Hi John.

    It is running in azure virtual machine RedHat 7.8. we are using Python 3.6.8. Resilient Integration server is installed same with the machine of Resilient Platform. Please see below command and result
    For sudo pip3 list
    cachetools (2.1.0)
    certifi (2020.6.20)
    cffi (1.14.3)
    chardet (3.0.4)
    circuits (3.2)
    cryptography (3.2)
    filelock (3.0.12)
    idna (2.10)
    importlib-metadata (2.0.0)
    jeepney (0.4.3)
    Jinja2 (2.11.2)
    keyring (21.4.0)
    MarkupSafe (1.1.1)
    pathtools (0.1.2)
    pip (9.0.3)
    pycparser (2.20)
    PySocks (1.7.1)
    pytz (2020.1)
    rc-phantomcyber (1.0.20)
    requests (2.24.0)
    requests-mock (1.8.0)
    requests-toolbelt (0.9.1)
    resilient (38.0.76)
    resilient-circuits (38.0.76)
    SecretStorage (3.1.2)
    setuptools (50.3.2)
    six (1.15.0)
    stompest (2.3.0)
    urllib3 (1.25.11)
    watchdog (0.10.3)
    wheel (0.35.1)
    zipp (3.4.0)

    For pip3 list
    cachetools (2.1.0)
    certifi (2020.6.20)
    cffi (1.14.3)
    chardet (3.0.4)
    circuits (3.2)
    cryptography (3.1.1)
    filelock (3.0.12)
    idna (2.10)
    importlib-metadata (2.0.0)
    jeepney (0.4.3)
    Jinja2 (2.11.2)
    keyring (21.4.0)
    MarkupSafe (1.1.1)
    pathtools (0.1.2)
    pip (9.0.3)
    pycparser (2.20)
    PySocks (1.7.1)
    pytz (2020.1)
    requests (2.24.0)
    requests-mock (1.8.0)
    requests-toolbelt (0.9.1)
    resilient (38.0.76)
    SecretStorage (3.1.2)
    setuptools (50.3.2)
    six (1.15.0)
    stompest (2.3.0)
    urllib3 (1.25.11)
    watchdog (0.10.3)
    zipp (3.3.1)
    [integration@hostname ~]$ sudo /usr/local/bin/resilient-circuits list
    The following packages and components are installed:
    rc-phantomcyber==1.0.20:
            PhantomActions

    ------------------------------
    Marc Lainez
    ------------------------------



  • 6.  RE: Unable to connect the resilient circuit run

    Posted Wed October 28, 2020 06:09 AM
    Edited by John Quirke Wed October 28, 2020 06:13 AM
    Hi Marc

    It looks like your Python environment may not be fully configured.
    Can you run the following commands
    python --version
    python3 --version
    pip --version
    pip3 --version

    I think you may have installed your integration on python3 but you are trying to run in python2 possibly.
    Your default Python should point to python3


    Could you provide me the contents of /usr/local/bin to confirm.

    If I am right I have come across this issue before and it should hopefully be easily resolved.

    ------------------------------
    John Quirke
    ------------------------------



  • 7.  RE: Unable to connect the resilient circuit run

    Posted Fri February 05, 2021 06:24 PM
    Hi Team

    I also installed the resilient circuits on my machine and i attached app.config for your refernece i cant able run resilient-circuits run having the error

    C:\temp_dir>resilient-circuits run
    2021-02-05 13:04:28,359 INFO [app] Configuration file: C:\Users\Administrator\.resilient\app.config
    2021-02-05 13:04:28,360 INFO [app] Resilient server: localhost
    2021-02-05 13:04:28,360 INFO [app] Resilient user: antivirus@indianbank.co.in
    2021-02-05 13:04:28,361 INFO [app] Resilient org: IBM
    2021-02-05 13:04:28,362 INFO [app] Logging Level: INFO
    2021-02-05 13:04:30,369 INFO [rest_helper] Retry 1:1 waiting 60 secs for Resilient connection
    2021-02-05 13:05:32,382 INFO [filelock] Lock 713066344400 released on C:\Users\Administrator\.resilient\resilient_circuits_lockfile
    Unable to lock C:\Users\Administrator\.resilient\resilient_circuits_lockfile: Exceeded retries: 1



    appconfig file

    [resilient]
    # Basic service connection
    host=localhost
    port=443

    # Use (api_key_id, api_key_secret)
    # api_key_id=ApiKeyId
    # api_key_secret=ApiKeySecret
    # Or (email, password)
    email=nitece2012@gmail.com
    password=password

    org=IBM

    # Number of attempts to retry when connecting to Resilient. 0 = unlimited retries
    #max_connection_retries=10

    # CP4S
    # Actions Module connection
    # Use stomp_url when configuring an environment for CP4S
    #stomp_host=<CP4S stomp URL>
    #stomp_port=443
    #resource_prefix=/api/respond

    #stomp_timeout=120
    #stomp_max_retries=3

    # Optional parameters for stomp connections.....
    # Please refer to IBM Support for additional settings to those outlined below
    # format...... stomp_params=<param1=value1>,<,param2=value2>
    #stomp_params=startupMaxReconnectAttempts=3,maxReconnectAttempts=10,initialReconnectDelay=20

    # Directory containing additional components to load
    # componentsdir=components
    # Existing directory to write logs to, or set with $APP_LOG_DIR
    logdir c:\Users\Administrator\.resilient
    #logdir=/tmp
    logfile=app.log
    loglevel=INFO

    # The number of Functions to run concurrently (within the range: 1 <= 50)
    num_workers=10

    # If your Resilient server uses a self-signed TLS certificate, or some
    # other certificate that is not automatically trusted by your machine,
    # you need to explicitly tell the Python scripts that it should be trusted.
    # If you don't want to use a cert you can set cafile=false.
    # To explicitly trust a site, download its certificate to a file, e.g:
    # mkdir -p ~/.resilient
    # openssl s_client -connect #resilient.example.com:443 -showcerts < /dev/null 2> /dev/null | openssl x509 - outform PEM > ~/.resilient/cert.cer
    # then specify the file (remove the '#' from the line below)
    cafile=false

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 8.  RE: Unable to connect the resilient circuit run

    Posted Mon February 08, 2021 05:35 AM
    Hi Nithiyanantham

    Dont see much in your logs  I suggest  the following

    (1) verify your Host Name is updated to that of your resilient server (integration server is NOT supported on your Resilient server....must be separate servers)
    (2) run your resilient-circuits in DEBUG level  (resilient-circuits run --loglevel DEBUG)
    (3) Verify email and password are correct on Resilient server (and you can login)

    Regards
    John

    ------------------------------
    John Quirke
    ------------------------------



  • 9.  RE: Unable to connect the resilient circuit run

    Posted Mon February 22, 2021 02:22 AM
    Hi John

    As l have tried many ways try to run resilient circuits run command. but it is showing the unable to lock file error showing. is it ways to produce certificate for lock the resilient circuits file. i am using windows machine to run this command. is the resilient server is local system ip address or it connect to online for resilient server ip.

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 10.  RE: Unable to connect the resilient circuit run

    Posted Thu February 25, 2021 09:04 AM
    Hi Nithiyanantham

    can you verify your python environment by running the following commands

    python --version
    pip list
    resilient-circuits list

    As you are running on a windows environment I would also suggest reviewing the setup requirements for  resilient-circuits on windows.
    I think there maybe an issue with your app.config

    NOTE: To run Resilient Circuits commands on a Windows system, use resilient-circuits.exe. For example, "resilient-circuits.exe run" rather than "resilient-circuits run".

    John

    ------------------------------
    John Quirke
    ------------------------------



  • 11.  RE: Unable to connect the resilient circuit run

    Posted Fri February 26, 2021 12:50 AM
    HI JOHN


    the following output is here john


    C:\Temp_Dir>python --version
    Python 3.9.2

    C:\Temp_Dir>pip list
    Package Version
    ------------------ ---------
    cachetools 2.1.0
    certifi 2020.12.5
    chardet 4.0.0
    circuits 3.2.1
    filelock 3.0.12
    idna 2.10
    Jinja2 2.11.3
    keyring 22.0.1
    MarkupSafe 1.1.1
    pip 21.0.1
    PySocks 1.7.1
    pytz 2021.1
    pywin32 300
    pywin32-ctypes 0.2.0
    requests 2.25.1
    requests-mock 1.8.0
    requests-toolbelt 0.9.1
    resilient 40.0.100
    resilient-circuits 40.0.100
    setuptools 49.2.1
    setuptools-scm 5.0.1
    six 1.15.0
    stompest 2.3.0
    urllib3 1.26.3
    watchdog 2.0.1

    C:\Temp_Dir>resilient-cicuits list
    'resilient-cicuits' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Temp_Dir>resilient-circuits list
    c:\users\murali r\appdata\local\programs\python\python39\lib\site-packages\setuptools\distutils_patch.py:25: UserWarning: Distutils was imported before Setuptools. This usage is discouraged and may exhibit undesirable behaviors or errors. Please use Setuptools' objects directly or at least import Setuptools first.
    warnings.warn(
    No resilient-circuits components are installed

    C:\Temp_Dir>pip install setuptools
    Requirement already satisfied: setuptools in c:\users\murali r\appdata\local\programs\python\python39\lib\site-packages (49.2.1)

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 12.  RE: Unable to connect the resilient circuit run

    Posted Fri February 26, 2021 06:47 AM
    Hi Nithiyanantham


    We currently dont support Python 3.9.2 but saying that can you outline the steps you have carried out to create this environment.
    It looks like you installed resilient-circuits directly ....but had you any integrations previously installed and possibly removed.

    The steps would help us better understand your environment.


    Regards
    John


    ------------------------------
    John Quirke
    ------------------------------



  • 13.  RE: Unable to connect the resilient circuit run

    Posted Sat March 13, 2021 07:16 AM
    HI John

    Regret for Late reply

    As you said  i didn't do any integrations firstly i run the command pip install resilient and pip install --upgrade pip then pip install resilient-circuits after i run config -c after that i run resilient-circuits run before i configure the app.config file.

    my situation is that i want integrate resilient circuits to symantec endpoint protection manager to upload hash value to SEPM there is tool in IBM function to do that. 

    can you help me install resilient circuits and run the service to integrate resilient circuits to SEPM.

    or else provide SOP to install and run resilient circuits and integrate to SEPM.


    Regards
    Nithiyanantham Palanisamy

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 14.  RE: Unable to connect the resilient circuit run

    Posted Mon March 15, 2021 05:17 AM
    Hi Nithiyanantham


    Your integration server appears to be windows ....so your localhost entry in app.config should point to your resilient server (ip address or dns).
    Can you confirm where your resilient server is running?
    ....localhost I dont think is a valid entry in app.config ? unless you have avery unusual setup ?

    Thanks John

    ------------------------------
    John Quirke
    ------------------------------



  • 15.  RE: Unable to connect the resilient circuit run

    Posted Mon March 15, 2021 10:49 AM
    Hi John

    I had also mentioned ip address of the machine. But it shows error as unable to lock file.
    Is necessary to produce certificate to lock the file and run

    Regards
    Nithiyanantham


    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 16.  RE: Unable to connect the resilient circuit run

    Posted Wed August 18, 2021 06:01 AM
    Hi John

    Is still you there to help me in this

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 17.  RE: Unable to connect the resilient circuit run

    Posted Thu August 19, 2021 08:32 AM
    Hi Nithiyanantham 

    We can help!  What is the status of your issue now?

    AnnMarie

    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 18.  RE: Unable to connect the resilient circuit run

    Posted Fri October 27, 2023 01:39 PM

    @AnnMarie Norcross Hi,

    I have the same problem. The support team referred me here.

    https://community.ibm.com/community/user/security/discussion/running-circuits-via-virtual-environment-inside-resilient-servis-file-issue#bmbea93d21-7964-4791-b205-cc4f15660184



    ------------------------------
    Jasmin
    ------------------------------