IBM Security QRadar SOAR

  • 1.  resilient-sdk codegen does not create the python template

    Posted Mon December 05, 2022 07:38 AM
    As per the tutorial for the resilient-circuits first step (Integrations Guide link) that I followed, I am unable to create the Python template required for adding the custom function.

    The following commands were used:
    resilient-sdk codegen -p calculator -m fn_calc -f calc_sum -w calc_sum --rule "calc sum"

    The system venv is running on Python 3.9 and the package resilient-sdk is installed.

    The "app.config" file at the .resilient directory host is pointing towards the IBM SOAR web.

    The codegen command has been stuck at this step for a while. I hope the details are enough; do reply if any more details are needed. Also, I would appreciate it if there are any newer tutorials for the current app integration publication.

    ------------------------------
    Luqman Nur
    ------------------------------


  • 2.  RE: resilient-sdk codegen does not create the python template

    Posted Mon December 05, 2022 11:29 AM
    If it is getting stuck then make sure that the machine you are developing on can access the SOAR server that is being pointed to in the app.config file.
    Here is the link to the latest documentation on creating an app. https://www.ibm.com/docs/en/sqsp/47?topic=guide-creating-app
    Let me know if this helps you.

    ------------------------------
    Richard Swierk
    ------------------------------
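
Added example, not part of the thread and not IBM's code: one way to run the reachability check suggested in the reply above, with a timeout so it reports a result instead of hanging. It assumes app.config keeps the server address in `host` and `port` keys under a `[resilient]` section; the function names and the sample values are constructed for illustration.

```python
import configparser
import socket
import sys

# Constructed sample in the layout assumed for a resilient-circuits app.config.
SAMPLE_CONFIG = """\
[resilient]
host = soar.example.com
port = 443
org = Example Org
"""

def soar_endpoint(config_text):
    """Return (host, port) from the [resilient] section of app.config text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    if not parser.has_section("resilient"):
        raise ValueError("app.config has no [resilient] section")
    host = parser.get("resilient", "host", fallback="").strip()
    if not host:
        raise ValueError("[resilient] host is empty")
    # Assumption: HTTPS on 443 when no port is set.
    return host, parser.getint("resilient", "port", fallback=443)

def check_reachable(host, port, timeout=5.0):
    """Attempt a TCP connect; return (ok, detail) rather than blocking forever."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "TCP connect succeeded"
    except socket.gaierror as exc:
        return False, f"DNS lookup failed: {exc}"
    except socket.timeout:
        return False, "timed out (firewall or routing?)"
    except OSError as exc:
        return False, f"connection failed: {exc}"

if __name__ == "__main__":
    # Usage: python check_soar.py ~/.resilient/app.config
    with open(sys.argv[1], encoding="utf-8") as fh:
        host, port = soar_endpoint(fh.read())
    ok, detail = check_reachable(host, port)
    print(f"{host}:{port} -> {detail}")
    sys.exit(0 if ok else 1)
```

A successful TCP connect only shows the port is reachable from the development machine; it does not validate the API key or the server certificate.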



  • 3.  RE: resilient-sdk codegen does not create the python template

    Posted Mon December 05, 2022 11:29 PM
    Sorry, I do not quite get the meaning with the connection. Currently my system is able to communicate with the SOAR server via either PuTTY or an HTTPS connection, and the app.config file is also pointing towards the server URL address, with the default settings following the quick-start guide.

    ------------------------------
    Luqman Nur
    ------------------------------



  • 4.  RE: resilient-sdk codegen does not create the python template

    Posted Tue December 06, 2022 04:03 AM
    Hi Richard,

    With the help of the support team, I am able to create the function and generate the tar package to be pip installed. However, when I run the command "resilient-circuits run", I have encountered the issue below

    Where it points to my API ID being unauthorized, although I am able to create the function template successfully with the same credentials. Is there any possible error with my workflows? I ask because I am sure that my app.config already follows the proper format.

    Best regards,
    Luqman

    ------------------------------
    Luqman Nur
    ------------------------------



  • 5.  RE: resilient-sdk codegen does not create the python template

    Posted Tue December 06, 2022 09:03 AM
    So the "not authorized to read from queue" error happens when there is another account that was running a rule/workflow and that rule/workflow did not finish. You are now trying to run circuits from a different user and it is trying to finish running the rule/workflow that the other user was running, but it can only be run by the user that started it.
    To fix this error, you either have to log in to the account that was running the rule/workflow that did not finish and let it finish running, or you could reboot the server and it should clear the error.

    ------------------------------
    Richard Swierk
    ------------------------------



  • 6.  RE: resilient-sdk codegen does not create the python template

    Posted Tue December 06, 2022 09:01 PM
    Edited by Luqman Nur Tue December 06, 2022 10:13 PM
    Hi Richard,

    Thanks for the update. Currently I think the problem with the app running is due to my message destinations not being set up properly, as there is no other user running any rule/workflow and I am the creator of the current package. I have also followed your advice to restart the apphost server. I am following this troubleshooting guide:

    https://www.ibm.com/support/pages/error-user-account-not-authorized-read-queue-when-closing-incident-or-synchronizing-notes-qradar-offenses

    and this guide for creating an app. I have installed the package as an editable pip file, but in my Customization > Message Destinations, I am unable to find the API key for the package, so I opted to use my account API. Is this an issue with my message destinations, or are my rule configurations not correct?

    https://www.ibm.com/docs/en/sqsp/46?topic=guide-creating-app

    Hope to hear a reply from you.

    ------------------------------
    Luqman Nur
    ------------------------------



  • 7.  RE: resilient-sdk codegen does not create the python template

    Posted Wed December 07, 2022 09:19 AM
    Does your rule have a destination configured for it? If it does, remove the configured destination and try running circuits again. If the rule has a workflow configured to it, then the rule cannot have a destination configured to it.

    ------------------------------
    Richard Swierk
    ------------------------------