IBM Security QRadar SOAR

  • 1.  QRadar connection to Resilient issue

    Posted Wed November 02, 2022 07:19 AM
    Hi there,

    I am trying to connect QRadar to SOAR Resilient through the IBM QRadar SOAR Plugin. I created all the users and API keys and they are working fine, but when I tried to verify and save changes, the following error came out:
    Connection and Configuration Verification Failed: HTTPSConnectionPool(host='xxxxxxxx.xx.xxx', port=443): Max retries exceeded with url: /rest/session (Caused by ProxyError('Cannot connect to proxy.', timeout('timed out',))) 

    But the thing is there is no proxy between both machines and I have checked the option "Need to configure a proxy?".

    I also checked the connection between QRadar machine to Resilient machine on 443 and it is working fine.

    Any ideas would be appreciated.

    Thanks in advance



    ------------------------------
    Javier Martínez Arrieta
    ------------------------------


  • 2.  RE: QRadar connection to Resilient issue

    Posted Wed November 02, 2022 03:54 PM

    Hello -

    If there is no proxy between your machines, you will have to uncheck the option "Need to configure proxy?". Have you done this?

    Otherwise, when that option is checked, you will have to provide the proxy details for the app to authenticate. It seems like, because you have checked the option but not provided any credentials, the app is trying to connect to a proxy and is not able to do so.



    ------------------------------
    Priya Sapra
    ------------------------------



  • 3.  RE: QRadar connection to Resilient issue

    Posted Thu November 03, 2022 03:09 AM
    Hi Javier,

    I have seen instances where the app container tries to route out via a proxy even though one is not supposed to be set. In these circumstances see https://www.ibm.com/support/pages/qradar-how-tune-proxy-configurations-app-containers and check with your QRadar administrator.

    In these circumstances I have asked clients to recon into the plug-in's container and run "export". Check the output for the presence of HTTPS_PROXY or HTTP_PROXY. If they are there, then it is being pushed down from QRadar. The technote should help.

    ------------------------------
    BEN WILLIAMS
    ------------------------------
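
Added example (not code from this thread or from IBM): a Python version of the check described in post 3, which picks HTTPS_PROXY/HTTP_PROXY out of an environment and also reports whether a NO_PROXY entry would exempt the SOAR host. It assumes the plug-in's HTTP client honours the standard proxy variables and that python3 is available in the container; the host names and sample environments are constructed.

```python
import os
import sys
import urllib.request
from urllib.parse import urlsplit

PROXY_VARS = ("http_proxy", "https_proxy", "all_proxy", "no_proxy")


def proxy_env(environ):
    """Pick the proxy variables out of an environment mapping.

    Names are matched case-insensitively; if both spellings are set,
    the lowercase one wins (the usual convention).
    """
    found = {}
    for key in sorted(environ, key=str.islower):  # lowercase names last
        if key.lower() in PROXY_VARS and environ[key]:
            found[key.lower()] = environ[key]
    return found


def diagnose(url, environ):
    """Say whether a client that honours the environment would proxy `url`."""
    parts = urlsplit(url)
    env = proxy_env(environ)
    # "https_proxy" -> "https", "no_proxy" -> "no": the shape urllib expects
    proxies = {name[:-len("_proxy")]: value for name, value in env.items()}
    proxy = proxies.get(parts.scheme) or proxies.get("all")
    bypassed = bool(urllib.request.proxy_bypass_environment(parts.hostname, proxies))
    return {
        "proxy_vars": env,
        "proxy": proxy,
        "bypassed_by_no_proxy": bypassed,
        "via_proxy": proxy is not None and not bypassed,
    }


# Constructed environments (hypothetical hosts), not output from a real system.
PUSHED_DOWN = {"HTTPS_PROXY": "http://proxy.example.test:3128", "PATH": "/usr/bin"}
EXEMPTED = dict(PUSHED_DOWN, NO_PROXY="localhost,.example.test")
CLEAN = {"PATH": "/usr/bin"}

if __name__ == "__main__":
    # Inside the container: python3 check_proxy.py https://<soar-host>/rest/session
    target = sys.argv[1] if len(sys.argv) > 1 else "https://soar.example.test/rest/session"
    for key, value in diagnose(target, os.environ).items():
        print(f"{key}: {value}")
```

Proxy URLs can embed credentials, so treat the printed values as sensitive before pasting them into a ticket or forum post.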



  • 4.  RE: QRadar connection to Resilient issue

    Posted Thu November 03, 2022 04:04 AM
    Hi Ben,

    I will go for this solution and share the outputs with you. I saw that on my other machines there is indeed "NO_PROXY_LIST", so the solution is probably there.


    Thanks both of you for your support!

    ------------------------------
    J Martinez
    ------------------------------



  • 5.  RE: QRadar connection to Resilient issue

    Posted Thu November 03, 2022 03:51 AM
    Hi Priya,

    Sorry for the misunderstanding, but the option "Need to configure proxy?" is unchecked. Even so, QRadar is trying to connect to SOAR through a proxy.

    ------------------------------
    J Martinez
    ------------------------------