List of Contributions

BEN WILLIAMS

Contact Details

My Content

1 to 20 of 50+ total
Posted By BEN WILLIAMS Nov 25, 2020 2:28 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Jasmine, You could use resSystemRestore to another Resilient instance assuming you took a backup prior to the deletion? What you are asking for is not in the product so it's better that you raise a new idea or vote for an existing one for Offering Management to consider. There are some ideas that ...
Posted By BEN WILLIAMS Oct 8, 2020 2:24 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Burak, You may have an index problem. It is best that you raise a support case https://www.ibm.com/mysupport/ ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Oct 2, 2020 5:43 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Mohamed, There are a number of different ways to upgrade so I suspect that the "best" way to achieve it depends on whom you ask. You might be better asking the question on a Python forum, Stack Overflow, or asking your internal teams for assistance. ------------------------------ BEN WILLIAMS --- ...
Posted By BEN WILLIAMS Sep 22, 2020 4:21 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Cheryl, You could get in touch with your Customer Success Manager to see whether assistance can be provided to you. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Sep 15, 2020 2:24 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Felix, You can get the OVA from Passport Advantage (https://www.ibm.com/software/passportadvantage/pacustomers.html). You should have been sent the license when you bought the license, if not, you can get the license from your Customer Success Manager (CSM) or maybe go to your sales contact if you ...
Posted By BEN WILLIAMS Aug 12, 2020 6:18 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Sunil, Please see https://www.ibm.com/support/pages/node/1159492 relating to "Action 35 is not defined." So, a community app (IOC Parser Function v2 for IBM Resilient ) is able to read from the message destination successfully but your code, fortinet.py is not. I see that your colleague has a support ...
Posted By BEN WILLIAMS Aug 11, 2020 10:45 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Sunil, Do you have this problem with any other functions? For example, if you install an IBM supported function/app into Resilient Circuits does it work? If you run the following command, do you see messages being written to the message destination that fortinet is configured to use? sudo -u postgres ...
Posted By BEN WILLIAMS Aug 11, 2020 5:06 AM
Found In Egroup: IBM Security Resilient
\ view thread
Sunil, The following suggests you have not run resilient-circuits customize to import the exchange function into Resilient 2020-08-11 09:12:57,693 WARNING [actions_component] Function 'exchange_online_delete_messages_from_query_results' is not defined in this Resilient platform!2020-08-11 09:12:57,693 ...
Posted By BEN WILLIAMS Jul 30, 2020 5:49 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Yusuke, That's correct. You would need to speak with your network team as they will know how your external facing network is configured. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Jul 30, 2020 5:27 AM
Found In Egroup: IBM Security Resilient
\ view thread
The IP address of a SaaS instance is not set using DHCP, typically that's what you would use inside your corporate network. I t is our policy to change IP addresses of our SaaS instances on occasion. Please review whether you have our IP addresses in use in any manner (whitelisting, etc.) and discontinue ...
Posted By BEN WILLIAMS Jul 13, 2020 5:32 AM
Found In Egroup: IBM Security Resilient
\ view thread
In the case you opened with a colleague we saw the URI being used to POST to was malformed and looked to be a mix of the Resilient address and another, presumably the ITSM application. Resilient is sending back an HTTP 500 because it doesn't recognise what you are sending it. Take a look at the contents ...
Posted By BEN WILLIAMS Jul 7, 2020 10:13 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Jasmine, The main log file is /usr/share/co3/logs/client.log. In v37.1 there is a new option to enable logging for workflows https://www.ibm.com/support/knowledgecenter/SSBRUQ_37.0.0/doc/admin/system_health.html ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Jul 6, 2020 10:08 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Jasmine, The main application log file is /usr/share/co3/logs/client.log which will capture most of the workflow related errors. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Jun 26, 2020 9:02 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Matthew, Have you set up a proxy to be used by Resilient Circuits? https://www.ibm.com/support/pages/node/1160488 ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Jun 26, 2020 5:11 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Matthew, Thanks for posting here. To add some context for others when reading, Matthew has an SSL proxy that breaks the SSL certificate chain replacing the chain with internal certificates from their proxy. This means when the function tries to validate SSL certificate of urlscan.io it returns as ...
Posted By BEN WILLIAMS Jun 22, 2020 2:26 AM
Found In Egroup: IBM Security Resilient
\ view thread
This is a known problem which we are investigating. There is no work around at present apart from using the UI to recreate the additional workflow. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Jun 12, 2020 5:48 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Sophy, OK, so this is not an actual deployment of IBM Resilient but a problem with the virtual lab. Can you please send an email to sacademy@us.ibm.com as that team looks after the virtual lab software and will be able to assist you? Thanks, Ben ​ ------------------------------ BEN WILLIAMS ----- ...
Posted By BEN WILLIAMS Jun 9, 2020 4:57 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Pablo, Please also take a look at the following technote which we send to client when they have problems with the QRadar app. https://www.ibm.com/support/pages/node/6173757 ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS May 19, 2020 2:24 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Apronti, If you are using a self signed or internal CA to to sign your Resilient SSL certificate then Resilient Circuits will not be able to trust it by default. To remedy that you can create a .pem or .cer which contains a concatenated list of entries of the server, intermediate and root certificates ...
Posted By BEN WILLIAMS Apr 22, 2020 2:01 AM
Found In Egroup: IBM Security Resilient
\ view thread
Hi Achim, Take a look at https://www.ibm.com/support/pages/node/1846545 which lists the majority of the logs that Resilient outputs to. The client.log is the likely place to start looking. ------------------------------ BEN WILLIAMS ------------------------------