IBM Security QRadar SOAR

  • 1.  Threat Source

    Posted Fri October 28, 2022 09:03 AM
    Edited by Wendy Batten Thu November 10, 2022 08:10 AM
    Hello
    I have a problem that has probably already been submitted to IBM support.
    I get a credential error when activating any of the threat source options. The API key and password are correct. I found an entry in the client.com: "Cannot validate API key for threat source *****************: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain"

    I would be grateful for any tips.

    soar ver 46.2.19

    ------------------------------
    Wiktor Minorczyk
    ------------------------------

    The cause of the error was probably that access to https://websvc.resilientsystem.com was blocked because Infoblox incorrectly categorized this site. I will try to report it, although someone at IBM has probably already dealt with it.


  • 2.  RE: Threat Source

    Posted Mon October 31, 2022 04:23 AM
    Would you please refer to this doc, which states that the system requires access to services on the Internet? Is it also possible that your internet access goes through a proxy? If so, you may need to refer to this doc for additional configuration.

    ------------------------------
    Leo Kuo
    ------------------------------



  • 3.  RE: Threat Source

    Posted Mon October 31, 2022 05:21 AM
    Hi Wiktor,

    I couldn't find a case open under your name.

    See https://www.ibm.com/support/pages/node/1160620 which describes one situation which I have seen on a few occasions where a client has a proxy that inspects the SSL connection between SOAR and websvc.resilientsystems.com. The end result is that the certificate chain is altered and the proper certificate chain is replaced with internal certificates from the client's CA.

    This alteration causes SOAR to, rightly, not trust the server it is connecting to. If you run openssl s_client -connect websvc.resilientsystems.com:443 -showcerts, what is returned? Do you see certificates from your internal CA? If so, you need to import the full chain as directed in https://www.ibm.com/support/pages/node/1160620 to custcerts.

    Once the full chain is present in custcerts then SOAR can verify the chain and then trust the connection to websvc.resilientsystems.com.

    ------------------------------
    BEN WILLIAMS
    ------------------------------
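
The check described in the reply above (read the openssl s_client -showcerts output and look for your internal CA among the issuers), as an added example that is not part of the original thread or IBM's documentation. The function names, the sample output and the CA names in it are constructed for illustration; the pattern for your own internal CA is something you supply.

```shell
#!/usr/bin/env bash
# Added example. Real use (run on the SOAR host):
#   openssl s_client -connect websvc.resilientsystems.com:443 -showcerts </dev/null 2>/dev/null \
#     | internal_issuers 'Your Internal CA'

# Constructed s_client output for a connection re-signed by an inspecting proxy.
SAMPLE_INTERCEPTED='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = websvc.resilientsystems.com
   i:O = Example Corp, CN = Example Corp Proxy Issuing CA
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
 1 s:O = Example Corp, CN = Example Corp Proxy Issuing CA
   i:O = Example Corp, CN = Example Corp Root CA
---
Server certificate
subject=CN = websvc.resilientsystems.com
'
# Constructed output for an untouched chain ("Example Public CA" is made up).
SAMPLE_CLEAN='---
Certificate chain
 0 s:CN = websvc.resilientsystems.com
   i:O = Example Public CA, CN = Example Public Issuing CA
---
'

# Print "depth|subject|issuer" for each certificate in the chain section.
chain_issuers() {
  awk '
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---$/        { in_chain = 0 }   # PEM "-----BEGIN" lines must not end the section
    in_chain && /^ *[0-9]+ s:/ { depth = $1; sub(/^ *[0-9]+ s:/, ""); subject = $0; next }
    in_chain && /^ +i:/        { sub(/^ +i:/, ""); print depth "|" subject "|" $0 }
  '
}

# internal_issuers ERE: list chain entries whose issuer matches ERE (your
# internal CA name); returns 0 if any were found, 1 if the chain looks untouched.
internal_issuers() {
  chain_issuers | awk -F'|' -v pat="$1" '
    $3 ~ pat { print "depth " $1 ": issued by " $3; hit = 1 }
    END      { exit (hit ? 0 : 1) }
  '
}

printf '%s' "$SAMPLE_INTERCEPTED" | internal_issuers 'Example Corp' || true
```

A zero exit status means at least one certificate in the presented chain was issued by the internal CA, which is the situation in which the full chain has to be imported to custcerts.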