IBM Security QRadar SOAR

  • 1.  So Many Problems With Qradar App

    Posted Sat December 07, 2019 04:32 PM
    Hi,

    The Resilient app for QRadar has so many problems. Sometimes it stops sending data to Resilient. Now when our analysts close an incident from Resilient, the offense in QRadar doesn't close. I have taken a look at the logs and see errors like the ones below:

      File "/usr/local/lib/python2.7/socket.py", line 307, in flush
        self._sock.sendall(view[write_offset:write_offset+buffer_size])
    error: [Errno 32] Broken pipe

    I have written to support but nothing has been solved yet. Any advice would be appreciated.

    Best

    ------------------------------
    Jasmine
    ------------------------------


  • 2.  RE: So Many Problems With Qradar App

    Posted Sun December 08, 2019 03:46 AM
    Edited by Jasmine Mon December 09, 2019 05:02 PM
    Your awesome engineer has solved the problem. This was about disabling the close rule.

    ------------------------------
    Jasmine
    ------------------------------



  • 3.  RE: So Many Problems With Qradar App

    Posted Mon December 09, 2019 11:59 AM
    Jasmine,

    I wanted to follow up because we are seeing the same issue in our organization.

    What do you mean about disabling the close rule? What resolved this problem for you?

    Right now we are looking at monitoring it with a comparison of what is open in QRadar and what is open in Resilient. But if you have a solution that would clearly resolve this problem from happening, I would love to hear it.

    Thanks,

    Rich

    ------------------------------
    Richard Giesige
    ------------------------------
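
The open-in-QRadar versus open-in-Resilient comparison described in the post above, as an added example that is not part of the original thread or of IBM's app code. It runs on constructed sample records and assumes that offenses carry `id` and `status`, that incidents carry `plan_status` ("A" active, "C" closed), and that the offense id sits in a custom incident field, here given the hypothetical name `qradar_id`.

```python
# Added example: reconcile QRadar offenses against Resilient incidents.
# Assumption: OFFENSE_FIELD is a hypothetical custom-field name; set it to
# whatever field your integration writes the offense id into.
OFFENSE_FIELD = "qradar_id"

def index_incidents(incidents):
    """Map offense id -> incidents that reference it (ids may arrive as strings)."""
    by_offense = {}
    for inc in incidents:
        raw = (inc.get("properties") or {}).get(OFFENSE_FIELD)
        try:
            oid = int(raw)
        except (TypeError, ValueError):
            continue  # incident not created from an offense
        by_offense.setdefault(oid, []).append(inc)
    return by_offense

def reconcile(offenses, incidents):
    """Return offense ids grouped by the kind of drift between the two systems."""
    by_offense = index_incidents(incidents)
    report = {"close_not_propagated": [], "no_incident": [],
              "offense_closed_incident_open": []}
    for off in offenses:
        linked = by_offense.get(off["id"], [])
        active = [i for i in linked if i.get("plan_status") == "A"]
        if off["status"] != "CLOSED":          # OPEN or HIDDEN: still not closed
            if not linked:
                report["no_incident"].append(off["id"])   # escalation never arrived
            elif not active:
                # every linked incident is closed but the offense is not
                report["close_not_propagated"].append(off["id"])
        elif active:
            report["offense_closed_incident_open"].append(off["id"])
    return {k: sorted(v) for k, v in report.items()}

# Constructed sample records (not from a real deployment).
SAMPLE_OFFENSES = [
    {"id": 101, "status": "OPEN"}, {"id": 102, "status": "OPEN"},
    {"id": 103, "status": "OPEN"}, {"id": 104, "status": "CLOSED"},
    {"id": 105, "status": "CLOSED"},
]
SAMPLE_INCIDENTS = [
    {"id": 2001, "plan_status": "A", "properties": {"qradar_id": "101"}},
    {"id": 2002, "plan_status": "C", "properties": {"qradar_id": 102}},
    {"id": 2003, "plan_status": "A", "properties": {"qradar_id": 104}},
    {"id": 2004, "plan_status": "C", "properties": {"qradar_id": 105}},
    {"id": 2005, "plan_status": "A", "properties": {}},
]

if __name__ == "__main__":
    for kind, ids in reconcile(SAMPLE_OFFENSES, SAMPLE_INCIDENTS).items():
        print(kind, ids)
```

A non-empty `close_not_propagated` list is the symptom from the first post; `no_incident` corresponds to the app having stopped sending data.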



  • 4.  RE: So Many Problems With Qradar App

    Posted Mon December 09, 2019 05:02 PM
    Hi Rich,

    Please go to Resilient and open the rules. Take a look at the rules (or search for the words "qradar" and "close"). Make sure that these rules are enabled, because the offense in QRadar closes with these rules. Hope this helps you.

    Best
    Jasmine

    ------------------------------
    Jasmine
    ------------------------------