IBM Security QRadar SOAR

 View Only
  • 1.  Threat Sorurce

    Posted Fri October 28, 2022 09:03 AM
    Edited by Wendy Batten Thu November 10, 2022 08:10 AM
    I have a probleblem that probaby already been submittet to support IBM.
    I get credential error when aactivating any of the threatsoaurces option. Api Key and password are correct. I found an entry in the "Cannot validate API key for threat source *****************: None of the TrustManagers trust this certificate chain"

    I would be greateful fo the tips

    soar ver 46.2.19

    Wiktor Minorczyk

    Probably the cause of the error was access to by incorrectly categorizing by infoblox and blocking this site. I will try to report it, although probably someone at IBM has already dealt with it

  • 2.  RE: Threat Sorurce

    Posted Mon October 31, 2022 04:23 AM
    Would you please refer to this doc that the system requires access to services on the Internet. And would it be possible your internet access is through proxy so you may need to refer to this doc for additional configuration. 

    Leo Kuo

  • 3.  RE: Threat Sorurce

    Posted Mon October 31, 2022 05:21 AM
    Hi Wiktor,

    I couldn't find an case open under your name.

    See which describes one situation which I have seen on a few occasions where a client has a proxy that inspects the SSL connection between SOAR and The end result is that the certificate chain is altered and the proper certificate chain is replaced with internal certificates from the client's CA.

    This alteration causes SOAR to rightly, not trust the server it is connecting to. If you run openssl s_client -connect -showcerts, what is returned? Do you see certificates from your internal CA? If so, you need to import the full chain as directed in to custcerts.

    Once the full chain is present in custcerts then SOAR can verify the chain and then trust the connection to