IBM Security QRadar SOAR

 View Only
  • 1.  AbuseIPDB Function for IBM SOAR Selftest fails.

    User Group Leader
    Posted Mon October 16, 2023 01:12 AM

    AbuseIPDB Function for IBM SOAR failed with '404 Client Error: Not Found for url: https://api.abuseipdb.com/login'

    The configured URL is 'https://api.abuseipdb.com/api/v2/check' and redirected to the one above.

    As far as I could read from the CHECK Endpoint example, API key must be given to the 'Key' header, while selfset.py of this app set it to the 'X-Auth-Token' header. My guess is the API endpoint could not authenticate the user as the header name is wrong and redirected the request to '/login'.

    Does anyone experience the same?



    ------------------------------
    Katsuyuki Hirayama
    ------------------------------


  • 2.  RE: AbuseIPDB Function for IBM SOAR Selftest fails.
    Best Answer

    Posted Tue October 17, 2023 09:03 AM

    Hi Katsuyuki -

    Yes, that does seem to be a bug in the selftest. I've directly inspected the code in the app and the function itself should continue to work properly. We'll get a fix out for selftest sometime soon.

    Thanks,

    Bo



    ------------------------------
    Bo Bleckel
    ------------------------------



  • 3.  RE: AbuseIPDB Function for IBM SOAR Selftest fails.

    User Group Leader
    Posted Wed October 25, 2023 05:00 AM

    It looks as the app IBM Security App Exchange - AbuseIPDB Function for IBM SOAR is updated.

    Version 1.0.2
    -Selftest function updated

    Thank you for the prompt fix.



    ------------------------------
    Katsuyuki Hirayama
    ------------------------------