Hi
@BEN WILLIAMS,
Can you help me with sort of similar issue? I have newly installed Resilient Circuit server but unable to run the circuit through command. Below are the logs in DEBUG mode:
Please let me know where am I going wrong.
##########################################
[integration@vclabu18 .resilient]$ /usr/bin/resilient-circuits run
/usr/lib/python2.7/site-packages/secretstorage/dhcrypto.py:15: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
from cryptography.utils import int_from_bytes
------------------------
Environment:
Python Version: 2.7.5 (default, Aug 7 2019, 00:51:29)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Installed packages:
argparse: 1.4.0
backports.functools-lru-cache: 1.6.4
backports.ssl-match-hostname: 3.5.0.1
beautifulsoup4: 4.9.3
blivet: 0.61.15.74
Brlapi: 0.6.0
bs4: 0.0.1
cachetools: 2.1.0
certifi: 2021.10.8
cffi: 1.15.0
chardet: 4.0.0
chrome-gnome-shell: 0.0.0
circuits: 3.2.2
configobj: 4.7.2
configparser: 4.0.2
coverage: 3.6b3
cryptography: 3.3.2
cupshelpers: 1.0
decorator: 3.4.0
di: 0.3
entrypoints: 0.3
enum34: 1.1.10
ethtool: 0.8
filelock: 3.2.1
firstboot: 19.5
fros: 1.0
futures: 3.1.1
idna: 2.10
iniparse: 0.4
initial-setup: 0.3.9.44
ipaddress: 1.0.16
IPy: 0.75
javapackages: 1.0.0
Jinja2: 2.11.3
keyring: 18.0.1
kitchen: 1.1.1
langtable: 0.0.31
lxml: 3.2.1
MarkupSafe: 1.1.1
ntplib: 0.3.2
pathtools: 0.1.2
perf: 0.1
pip: 19.3.1
policycoreutils-default-encoding: 0.1
pycparser: 2.21
pycups: 1.9.63
pycurl: 7.19.0
pygobject: 3.22.0
pygpgme: 0.3
pyinotify: 0.9.4
pykickstart: 1.99.66.21
pyliblzma: 0.5.3
pyparted: 3.9
pysmbc: 1.0.13
PySocks: 1.7.1
Python: 2.7.5
python-augeas: 0.5.0
python-linux-procfs: 0.4.9
python-meh: 0.25.3
python-nss: 0.16.0
pytz: 2016.10
pyudev: 0.15
pyxattr: 0.5.1
PyYAML: 3.10
requests: 2.26.0
requests-mock: 1.9.3
requests-toolbelt: 0.9.1
resilient: 44.0.2810
resilient-circuits: 44.0.2810
resilient-lib: 44.0.2810
schedutils: 0.4
SecretStorage: 2.3.1
seobject: 0.1
sepolicy: 1.1
setroubleshoot: 1.1
setuptools: 44.1.1
six: 1.9.0
slip: 0.4.0
slip.dbus: 0.4.0
soupsieve: 1.9.6
stompest: 2.3.0
subprocess32: 3.2.6
urlgrabber: 3.10
urllib3: 1.26.9
watchdog: 0.10.7
wsgiref: 0.1.2
yum-langpacks: 0.4.2
yum-metadata-parser: 1.1.4
###############
No handlers could be found for logger "filelock"
2022-03-29 13:50:50,420 INFO [app] Configuration file: app.config
2022-03-29 13:50:50,423 INFO [app] Resilient server: 10.10.6.48
2022-03-29 13:50:50,423 INFO [app] Resilient user: kothai.nachiya@XXX
2022-03-29 13:50:50,424 INFO [app] Resilient org: XXX (**ORG name is verified)
2022-03-29 13:50:50,424 INFO [app] Logging Level: DEBUG
2022-03-29 13:50:50,425 DEBUG [actions_component] create idle timer
2022-03-29 13:50:50,426 WARNING [co3] Unverified HTTPS requests (cafile=false).
2022-03-29 13:50:50,430 DEBUG [retry] Converted retries value: Retry(total=0, connect=None, read=False, redirect=None, status=None) -> Retry(total=Retry(total=0, connect=None, read=False, redirect=None, status=None), connect=None, read=None, redirect=0, status=None)
2022-03-29 13:50:50,431 WARNING [connectionpool] Connection pool is full, discarding connection: 10.10.6.48. Connection pool size: 10
2022-03-29 13:50:50,431 DEBUG [_api] Attempting to release lock 140540010142928 on /home/integration/.resilient/resilient_circuits_lockfile
2022-03-29 13:50:50,431 DEBUG [_api] Lock 140540010142928 released on /home/integration/.resilient/resilient_circuits_lockfile
Traceback (most recent call last):
File "/usr/bin/resilient-circuits", line 11, in <module>
load_entry_point('resilient-circuits==44.0.2810', 'console_scripts', 'resilient-circuits')()
File "/usr/lib/python2.7/site-packages/resilient_circuits/bin/resilient_circuits_cmd.py", line 404, in main
config_file=args.config_file)
File "/usr/lib/python2.7/site-packages/resilient_circuits/bin/resilient_circuits_cmd.py", line 85, in run
app.run(**kwargs)
File "/usr/lib/python2.7/site-packages/resilient_circuits/app.py", line 231, in run
application = App(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/resilient_circuits/app.py", line 70, in __init__
self.do_initialization()
File "/usr/lib/python2.7/site-packages/resilient_circuits/app.py", line 102, in do_initialization
self.action_component = Actions(self.opts)
File "/usr/lib/python2.7/site-packages/resilient_circuits/actions_component.py", line 317, in __init__
super(Actions, self).__init__(opts)
File "/usr/lib/python2.7/site-packages/resilient_circuits/actions_component.py", line 108, in __init__
self._get_fields(fn_names=self.fn_names)
File "/usr/lib/python2.7/site-packages/resilient_circuits/actions_component.py", line 157, in _get_fields
client = self.rest_client()
File "/usr/lib/python2.7/site-packages/resilient_circuits/actions_component.py", line 219, in rest_client
return get_resilient_client(self.opts)
File "/usr/lib/python2.7/site-packages/resilient_circuits/rest_helper.py", line 47, in wrapper
return func(opts)
File "/usr/lib/python2.7/site-packages/resilient_circuits/rest_helper.py", line 90, in get_resilient_client
resilient_client = resilient.get_client(opts)
File "/usr/lib/python2.7/site-packages/resilient/co3.py", line 166, in get_client
userinfo = resilient_client.connect(opts["email"], opts["password"])
File "/usr/lib/python2.7/site-packages/resilient/co3.py", line 322, in connect
ret = super(SimpleClient, self).connect(email, password, timeout)
File "/usr/lib/python2.7/site-packages/resilient/co3base.py", line 189, in connect
return self._connect(timeout=timeout)
File "/usr/lib/python2.7/site-packages/resilient/co3base.py", line 236, in _connect
timeout=timeout)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 590, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 691, in urlopen
timeout_obj = self._get_timeout(timeout)
File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 334, in _get_timeout
return Timeout.from_float(timeout)
File "/usr/lib/python2.7/site-packages/urllib3/util/timeout.py", line 179, in from_float
return Timeout(read=timeout, connect=timeout)
File "/usr/lib/python2.7/site-packages/urllib3/util/timeout.py", line 103, in __init__
self._connect = self._validate_timeout(connect, "connect")
File "/usr/lib/python2.7/site-packages/urllib3/util/timeout.py", line 146, in _validate_timeout
"int, float or None." % (name, value)
ValueError: Timeout value connect was Timeout(connect=None, read=None, total=None), but it must be an int, float or None.
------------------------------
Nishant Kumar
------------------------------
Original Message:
Sent: Tue March 29, 2022 02:35 AM
From: BEN WILLIAMS
Subject: Resilient-Circuits Not Running
Hi Dany,
"Unauthorized" is coming from SOAR so tail /usr/share/co3/logs/client.log at the time that Circuits runs and look for an error. From the error, it suggests that the API key is not allowed to authenticate against the CBM organisation. This could be because the API password has expired, there is an IP ban, if it is an MSSP organisation a configuration push hasn't been invoked.
There could be some other reasons but you should check the log and also the UI. Are you sure the API secret is correct? What if you regenerate it and then use the new API secret in the app.config?
------------------------------
BEN WILLIAMS
Original Message:
Sent: Mon March 28, 2022 03:06 AM
From: Dany El-Nghaywe
Subject: Resilient-Circuits Not Running
Hi guys, as you can see in the attachments below, I have configured the app.config to run my resilient-circuits. However, when I run the command: #resilient-circuits run, I keep on getting this error message and I do not know what it means and how to fix it. Any help would be deeply appreciated.
------------------------------
Dany El-Nghaywe
------------------------------