IBM Security SOAR

Expand all | Collapse all

Unable to connect the resilient circuit run

  • 1.  Unable to connect the resilient circuit run

    Posted Fri October 23, 2020 09:38 AM
    Hi All.

    We would like to request your assistance on this. We installed Resilient Integration Server to the machine same with Resilient Platform however when running the scrpt resilient-circuits run I encountered below error

    2020-10-23 21:23:55,405 WARNING [co3] Unverified HTTPS requests (cafile=false).

    2020-10-23 21:23:55,416 INFO [rest_helper] Retry 1:1 waiting 60 secs for Resilient connection

    2020-10-23 21:24:55,469 WARNING [co3] Unverified HTTPS requests (cafile=false).

    2020-10-23 21:24:55,476 INFO [filelock] Lock 140440841715048 released on /root/.resilient/resilient_circuits_lockfile

    Unable to lock /root/.resilient/resilient_circuits_lockfile: Exceeded retries: 1

    Thanks.



    ------------------------------
    Marc
    ------------------------------


  • 2.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 05:53 AM
    Hi Marc please verify that your resilient server is reachable and can be pinged.
    Please enable DEBUG level logging in app.config.
    Also not sure is this is your full log message as some detail may be missing.
    If you can share your app.config (remove sensitive info) might help us understand why you cant connect.
    Also please identify what version of resilient you are using and the user exists on that server ..

    ------------------------------
    John Quirke
    ------------------------------



  • 3.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 07:45 AM
    Hi John.

    Thanks for your help, We already now fixed this one this afternoon, the problem is the hostname is not in the /etc/hosts. Now I have faced another problem.

    I was unable to run the "/usr/local/bin/resilient-circuits run" but if i do this one "sudo /usr/local/bin/resilient-circuits run" I was able to run it.

    [integration@hostname .resilient]$ /usr/local/bin/resilient-circuits run

    Traceback (most recent call last):

      File "/usr/local/bin/resilient-circuits", line 7, in <module>

        from resilient_circuits.bin.resilient_circuits_cmd import main

    ModuleNotFoundError: No module named 'resilient_circuits'

    ------------------------------
    Marc Lainez
    ------------------------------



  • 4.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 12:18 PM
    Hi Marc 
    (sorry for delay in coming back to you)


    are you running from locally or inside a virtual environment ?

    which version of python are you running ? run which python ?
    run pip list and verify python modules installed ?
    run resilient-circuits list ? can you share output

    ------------------------------
    John Quirke
    ------------------------------



  • 5.  RE: Unable to connect the resilient circuit run

    Posted Tue October 27, 2020 11:45 PM
    ​Hi John.

    It is running in azure virtual machine RedHat 7.8. we are using Python 3.6.8. Resilient Integration server is installed same with the machine of Resilient Platform. Please see below command and result
    For sudo pip3 list
    cachetools (2.1.0)
    certifi (2020.6.20)
    cffi (1.14.3)
    chardet (3.0.4)
    circuits (3.2)
    cryptography (3.2)
    filelock (3.0.12)
    idna (2.10)
    importlib-metadata (2.0.0)
    jeepney (0.4.3)
    Jinja2 (2.11.2)
    keyring (21.4.0)
    MarkupSafe (1.1.1)
    pathtools (0.1.2)
    pip (9.0.3)
    pycparser (2.20)
    PySocks (1.7.1)
    pytz (2020.1)
    rc-phantomcyber (1.0.20)
    requests (2.24.0)
    requests-mock (1.8.0)
    requests-toolbelt (0.9.1)
    resilient (38.0.76)
    resilient-circuits (38.0.76)
    SecretStorage (3.1.2)
    setuptools (50.3.2)
    six (1.15.0)
    stompest (2.3.0)
    urllib3 (1.25.11)
    watchdog (0.10.3)
    wheel (0.35.1)
    zipp (3.4.0)

    For pip3 list
    cachetools (2.1.0)
    certifi (2020.6.20)
    cffi (1.14.3)
    chardet (3.0.4)
    circuits (3.2)
    cryptography (3.1.1)
    filelock (3.0.12)
    idna (2.10)
    importlib-metadata (2.0.0)
    jeepney (0.4.3)
    Jinja2 (2.11.2)
    keyring (21.4.0)
    MarkupSafe (1.1.1)
    pathtools (0.1.2)
    pip (9.0.3)
    pycparser (2.20)
    PySocks (1.7.1)
    pytz (2020.1)
    requests (2.24.0)
    requests-mock (1.8.0)
    requests-toolbelt (0.9.1)
    resilient (38.0.76)
    SecretStorage (3.1.2)
    setuptools (50.3.2)
    six (1.15.0)
    stompest (2.3.0)
    urllib3 (1.25.11)
    watchdog (0.10.3)
    zipp (3.3.1)
    [integration@hostname ~]$ sudo /usr/local/bin/resilient-circuits list
    The following packages and components are installed:
    rc-phantomcyber==1.0.20:
            PhantomActions

    ------------------------------
    Marc Lainez
    ------------------------------



  • 6.  RE: Unable to connect the resilient circuit run

    Posted Wed October 28, 2020 06:09 AM
    Edited by John Quirke Wed October 28, 2020 06:13 AM
    Hi Marc

    It looks like your Python environment may not be fully configured.
    Can you run the following commands
    python --version
    python3 --version
    pip --version
    pip3 --version

    I think you may have installed your integration on python3 but you are trying to run in python2 possibly.
    Your default Python should point to python3


    Could you provide me the contents of /usr/local/bin to confirm.

    If I am right I have come across this issue before and it should hopefully be easily resolved.

    ------------------------------
    John Quirke
    ------------------------------



  • 7.  RE: Unable to connect the resilient circuit run

    Posted 21 days ago
    Hi Team

    I also installed the resilient circuits on my machine and i attached app.config for your refernece i cant able run resilient-circuits run having the error

    C:\temp_dir>resilient-circuits run
    2021-02-05 13:04:28,359 INFO [app] Configuration file: C:\Users\Administrator\.resilient\app.config
    2021-02-05 13:04:28,360 INFO [app] Resilient server: localhost
    2021-02-05 13:04:28,360 INFO [app] Resilient user: antivirus@indianbank.co.in
    2021-02-05 13:04:28,361 INFO [app] Resilient org: IBM
    2021-02-05 13:04:28,362 INFO [app] Logging Level: INFO
    2021-02-05 13:04:30,369 INFO [rest_helper] Retry 1:1 waiting 60 secs for Resilient connection
    2021-02-05 13:05:32,382 INFO [filelock] Lock 713066344400 released on C:\Users\Administrator\.resilient\resilient_circuits_lockfile
    Unable to lock C:\Users\Administrator\.resilient\resilient_circuits_lockfile: Exceeded retries: 1



    appconfig file

    [resilient]
    # Basic service connection
    host=localhost
    port=443

    # Use (api_key_id, api_key_secret)
    # api_key_id=ApiKeyId
    # api_key_secret=ApiKeySecret
    # Or (email, password)
    email=nitece2012@gmail.com
    password=password

    org=IBM

    # Number of attempts to retry when connecting to Resilient. 0 = unlimited retries
    #max_connection_retries=10

    # CP4S
    # Actions Module connection
    # Use stomp_url when configuring an environment for CP4S
    #stomp_host=<CP4S stomp URL>
    #stomp_port=443
    #resource_prefix=/api/respond

    #stomp_timeout=120
    #stomp_max_retries=3

    # Optional parameters for stomp connections.....
    # Please refer to IBM Support for additional settings to those outlined below
    # format...... stomp_params=<param1=value1>,<,param2=value2>
    #stomp_params=startupMaxReconnectAttempts=3,maxReconnectAttempts=10,initialReconnectDelay=20

    # Directory containing additional components to load
    # componentsdir=components
    # Existing directory to write logs to, or set with $APP_LOG_DIR
    logdir c:\Users\Administrator\.resilient
    #logdir=/tmp
    logfile=app.log
    loglevel=INFO

    # The number of Functions to run concurrently (within the range: 1 <= 50)
    num_workers=10

    # If your Resilient server uses a self-signed TLS certificate, or some
    # other certificate that is not automatically trusted by your machine,
    # you need to explicitly tell the Python scripts that it should be trusted.
    # If you don't want to use a cert you can set cafile=false.
    # To explicitly trust a site, download its certificate to a file, e.g:
    # mkdir -p ~/.resilient
    # openssl s_client -connect #resilient.example.com:443 -showcerts < /dev/null 2> /dev/null | openssl x509 - outform PEM > ~/.resilient/cert.cer
    # then specify the file (remove the '#' from the line below)
    cafile=false

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 8.  RE: Unable to connect the resilient circuit run

    Posted 18 days ago
    Hi Nithiyanantham

    Dont see much in your logs  I suggest  the following

    (1) verify your Host Name is updated to that of your resilient server (integration server is NOT supported on your Resilient server....must be separate servers)
    (2) run your resilient-circuits in DEBUG level  (resilient-circuits run --loglevel DEBUG)
    (3) Verify email and password are correct on Resilient server (and you can login)

    Regards
    John

    ------------------------------
    John Quirke
    ------------------------------



  • 9.  RE: Unable to connect the resilient circuit run

    Posted 5 days ago
    Hi John

    As l have tried many ways try to run resilient circuits run command. but it is showing the unable to lock file error showing. is it ways to produce certificate for lock the resilient circuits file. i am using windows machine to run this command. is the resilient server is local system ip address or it connect to online for resilient server ip.

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 10.  RE: Unable to connect the resilient circuit run

    Posted 2 days ago
    Hi Nithiyanantham

    can you verify your python environment by running the following commands

    python --version
    pip list
    resilient-circuits list

    As you are running on a windows environment I would also suggest reviewing the setup requirements for  resilient-circuits on windows.
    I think there maybe an issue with your app.config

    NOTE: To run Resilient Circuits commands on a Windows system, use resilient-circuits.exe. For example, "resilient-circuits.exe run" rather than "resilient-circuits run".

    John

    ------------------------------
    John Quirke
    ------------------------------



  • 11.  RE: Unable to connect the resilient circuit run

    Posted yesterday
    HI JOHN


    the following output is here john


    C:\Temp_Dir>python --version
    Python 3.9.2

    C:\Temp_Dir>pip list
    Package Version
    ------------------ ---------
    cachetools 2.1.0
    certifi 2020.12.5
    chardet 4.0.0
    circuits 3.2.1
    filelock 3.0.12
    idna 2.10
    Jinja2 2.11.3
    keyring 22.0.1
    MarkupSafe 1.1.1
    pip 21.0.1
    PySocks 1.7.1
    pytz 2021.1
    pywin32 300
    pywin32-ctypes 0.2.0
    requests 2.25.1
    requests-mock 1.8.0
    requests-toolbelt 0.9.1
    resilient 40.0.100
    resilient-circuits 40.0.100
    setuptools 49.2.1
    setuptools-scm 5.0.1
    six 1.15.0
    stompest 2.3.0
    urllib3 1.26.3
    watchdog 2.0.1

    C:\Temp_Dir>resilient-cicuits list
    'resilient-cicuits' is not recognized as an internal or external command,
    operable program or batch file.

    C:\Temp_Dir>resilient-circuits list
    c:\users\murali r\appdata\local\programs\python\python39\lib\site-packages\setuptools\distutils_patch.py:25: UserWarning: Distutils was imported before Setuptools. This usage is discouraged and may exhibit undesirable behaviors or errors. Please use Setuptools' objects directly or at least import Setuptools first.
    warnings.warn(
    No resilient-circuits components are installed

    C:\Temp_Dir>pip install setuptools
    Requirement already satisfied: setuptools in c:\users\murali r\appdata\local\programs\python\python39\lib\site-packages (49.2.1)

    ------------------------------
    Nithiyanantham Palanisamy
    ------------------------------



  • 12.  RE: Unable to connect the resilient circuit run

    Posted 22 hours ago
    Hi Nithiyanantham


    We currently dont support Python 3.9.2 but saying that can you outline the steps you have carried out to create this environment.
    It looks like you installed resilient-circuits directly ....but had you any integrations previously installed and possibly removed.

    The steps would help us better understand your environment.


    Regards
    John


    ------------------------------
    John Quirke
    ------------------------------