IBM Security QRadar SOAR

Hi,
our integration server (Resilient_circuits) is on our ova, not separated.
I upgraded our ova to python3.6, without knowing it can cause problem.

Now resilient_circuits service works on python3, and it only recognizes functions installed with pip3.
How can I make resilient_circuits work on python2 again, using functions installed with pip?

On python3 we can run some functions, but it seems not very compatible,
for example, fn-qradar-integration works when it is the most simplest query, but in most of the time the search takes really long,
or it just returns Unboundlocalerror. Because there are so many errors, I can't just fix everything.


------------------------------
Hanyu Lee
------------------------------

Thanks Hanyu I have reached out to our support team for advice with your query.

------------------------------
John Quirke
------------------------------

Original Message:
Sent: Sat October 24, 2020 03:31 AM
From: Hanyu Lee
Subject: How to downgrade python Resilient_circuits uses

Hi,
our integration server (Resilient_circuits) is on our ova, not separated.
I upgraded our ova to python3.6, without knowing it can cause problem.

Now resilient_circuits service works on python3, and it only recognizes functions installed with pip3.
How can I make resilient_circuits work on python2 again, using functions installed with pip?

On python3 we can run some functions, but it seems not very compatible,
for example, fn-qradar-integration works when it is the most simplest query, but in most of the time the search takes really long,
or it just returns Unboundlocalerror. Because there are so many errors, I can't just fix everything.


------------------------------
Hanyu Lee
------------------------------

Hi Hanyu,

I believe python 2 is still available on your OVA. You can confirm by typing:  'python2.7 --version' and by typing 'which python2.7' returning: /usr/local/bin/python2.7. Similarly, there should be pip2.7. So, if you can uninstall resilient-circuits using pip3 and reinstall with pip2.7. I think you can then type: 'resilient-circuits run' to start in the python2.7 environment.

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Sat October 24, 2020 03:31 AM
From: Hanyu Lee
Subject: How to downgrade python Resilient_circuits uses

Hi,
our integration server (Resilient_circuits) is on our ova, not separated.
I upgraded our ova to python3.6, without knowing it can cause problem.

Now resilient_circuits service works on python3, and it only recognizes functions installed with pip3.
How can I make resilient_circuits work on python2 again, using functions installed with pip?

On python3 we can run some functions, but it seems not very compatible,
for example, fn-qradar-integration works when it is the most simplest query, but in most of the time the search takes really long,
or it just returns Unboundlocalerror. Because there are so many errors, I can't just fix everything.


------------------------------
Hanyu Lee
------------------------------

Hi Mark, thank you for the reply.

Yes both python2 and 3 are available on our OVA checking with your guide.
When I type 'pip list' it returns resilient-circuits (30.0.89) and when I type 'pip3 list' it returns resilient-circuits (38.0.76)

I just typed pip install resilient-circuits --upgrade and now 'pip list' also returns resilient-circuits (38.0.76)
And after upgrade, now the resilient-circuits works on python2.7 again! (checking with systemctl status resilient_circuits)

So it seems perhaps resilient-circuits works based on the recent installed version?

I have further questions,
(1) is it possible to run both python3 applications and python2 applications on the same integration server?
(2) if not, is it possible to run two integration servers which run on python2 and on python3 each for the same Resilient org?

(3) and I heard because I installed python3 manually on Resilient OVA, it can cause system error in Resilient core. Is it true?
Luckily there were no errors found except resilient-circuits.



------------------------------
Hanyu Lee
------------------------------

Original Message:
Sent: Tue October 27, 2020 08:15 AM
From: Mark Scherfling
Subject: How to downgrade python Resilient_circuits uses

Hi Hanyu,

I believe python 2 is still available on your OVA. You can confirm by typing:  'python2.7 --version' and by typing 'which python2.7' returning: /usr/local/bin/python2.7. Similarly, there should be pip2.7. So, if you can uninstall resilient-circuits using pip3 and reinstall with pip2.7. I think you can then type: 'resilient-circuits run' to start in the python2.7 environment.

------------------------------
Mark Scherfling

Original Message:
Sent: Sat October 24, 2020 03:31 AM
From: Hanyu Lee
Subject: How to downgrade python Resilient_circuits uses

Hi,
our integration server (Resilient_circuits) is on our ova, not separated.
I upgraded our ova to python3.6, without knowing it can cause problem.

Now resilient_circuits service works on python3, and it only recognizes functions installed with pip3.
How can I make resilient_circuits work on python2 again, using functions installed with pip?

On python3 we can run some functions, but it seems not very compatible,
for example, fn-qradar-integration works when it is the most simplest query, but in most of the time the search takes really long,
or it just returns Unboundlocalerror. Because there are so many errors, I can't just fix everything.


------------------------------
Hanyu Lee
------------------------------

python --version 2.7.18
python3 --version 3.6.8

Best practice:
- do not Install Integration server on Resilient Server in production

I know it does not solve your problem, but have them both on a single box is not supported in production.


I really and strongly suggest you to:
- Use App Host (where you will solve Python 2 / Python 3 and dependencies issues while each integration has his own docker environment

and if you wish to stay on Integration server:
- install one integration server per python version, depending on the integration.


------------------------------
BENOIT ROSTAGNI
------------------------------

Original Message:
Sent: Sat October 24, 2020 03:31 AM
From: Hanyu Lee
Subject: How to downgrade python Resilient_circuits uses

Hi,
our integration server (Resilient_circuits) is on our ova, not separated.
I upgraded our ova to python3.6, without knowing it can cause problem.

Now resilient_circuits service works on python3, and it only recognizes functions installed with pip3.
How can I make resilient_circuits work on python2 again, using functions installed with pip?

On python3 we can run some functions, but it seems not very compatible,
for example, fn-qradar-integration works when it is the most simplest query, but in most of the time the search takes really long,
or it just returns Unboundlocalerror. Because there are so many errors, I can't just fix everything.


------------------------------
Hanyu Lee
------------------------------