Sorry to hear that you continue to have issues configuring the QRadar SOAR plugin app. Can you confirm the following please?
Also please feel free to open a support ticket if you continue to see the issue and support can work with you on a Webex to address it in a timely manner.
Original Message:
Sent: Wed February 21, 2024 10:46 AM
From: Jasmin
Subject: Mapping of QRadar Domains and SOAR Organizations : Unable to find soar organization
Hi Priya,
I have double check all the following. There is'nt anything is log. And every integration of soar and siem with app is a pain :(
2024-02-21 18:42:39,592 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] check_actions_enabled: True2024-02-21 18:42:39,593 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Checking that SOAR is configured properly...2024-02-21 18:42:39,730 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Check that SOAR destinations configured2024-02-21 18:42:39,801 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Check that SOAR action fields configured2024-02-21 18:42:39,882 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Check that SOAR actions configured2024-02-21 18:42:39,949 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Check automatic actions configured2024-02-21 18:42:39,949 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Check manual actions configured2024-02-21 18:42:40,122 [Thread-289] [INFO] [APP_ID:1251] [NOT:0000006000] Closing reasons missing from QRadar: []2024-02-21 18:42:41,418 [Thread-296] [INFO] [APP_ID:1251] [NOT:0000006000] endpoint is config.admin_screen2024-02-21 18:42:41,419 [Thread-296] [INFO] [APP_ID:1251] [NOT:0000006000] admin_screen2024-02-21 18:42:41,678 [Thread-296] [INFO] [APP_ID:1251] [NOT:0000006000] Test SOAR Config2024-02-21 18:42:41,724 [Thread-296] [INFO] [APP_ID:1251] [NOT:0000006000] Token Test Returned: <Response [200]>2024-02-21 18:42:41,783 [Thread-296] [INFO] [APP_ID:1251] [NOT:0000006000] Checking if host is in CP4S2024-02-21 18:42:41,974 [Thread-296] [INFO] [APP_ID:1251] [NOT:0000006000] Checking access to the following orgs: ['id=201, name=ConfigOrg, type=configuration, parent_org_id=None, cloud_account_id=None']
------------------------------
Jasmin
Original Message:
Sent: Wed January 24, 2024 10:39 AM
From: Priya Sapra
Subject: Mapping of QRadar Domains and SOAR Organizations : Unable to find soar organization
Hi Jasmin,
The organizations are probably not coming up due to the fact that the "internal server error" came up. Did this come up when you clicked on "Verify and Configure" or on "Save"?
Please double check/confirm the following:
- You have checked off "Multiple Organization Support"
- You have executed a configuration push for your API key
- Is there any IP banned by SOAR?
- Is the API key locked or expired?
If all the above seem to be in place, my suggestion would be to check out the Plugin's app.log for any indication of this Internal Server Error. You can do this from the QRadar console, using the qappmanager to get the app ID for the plugin and then navigating to `/store/docker/volumes/qapp-<plugin app id>/`. From here, you should be able to view the log files.
Hope this helps!
------------------------------
Priya Sapra
Original Message:
Sent: Sun January 21, 2024 10:01 AM
From: Jasmin
Subject: Mapping of QRadar Domains and SOAR Organizations : Unable to find soar organization
Hi,
After reinstalling of resilient app in qradar, app unables to list organization. API key has full permission in config and orgs in soar. Any advice would be appreciated.
Best
------------------------------
Jasmin
------------------------------