List of Contributions

BEN WILLIAMS

My Content

1 to 20 of 50+ total
Posted By BEN WILLIAMS Wed March 27, 2024 06:21 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Yongwon, You cannot change the password complexity. It is set this way to ensure that the product is sufficiently secure. If you wish to avoid the password policy you can configure SOAR to use SAML or LDAP authentication. Once configured, all authentication is handled by AD or your IdP so you ...
Posted By BEN WILLIAMS Wed January 17, 2024 02:28 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Bhagyesh, The Enhanced Data Migration function on the App Exchange provides similar data. A code snippet is available here -> https://github.com/ibmresilient/resilient-community-apps/blob/main/fn_qradar_enhanced_data/fn_qradar_enhanced_data/components/qradar_top_events.py SOAR does not do ...
Posted By BEN WILLIAMS Tue January 16, 2024 04:30 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Jasmin, The link you provided to our documentation is open to all users and doesn't require any authentication, there are no checks as to who you are. If it is that you feel the documentation does not cover the areas you need then you can create a new thread in the community or, you can ...
Posted By BEN WILLIAMS Fri January 12, 2024 04:04 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Jasmin, I don't know what you are referring to when you say you haven't got access to a "plus section." We don't have documentation that is only shown to clients with special access. I think it would be best to start a new thread in the community with a heading that indicates what you want ...
Posted By BEN WILLIAMS Thu January 11, 2024 04:30 PM
Found In Egroup: IBM Security QRadar SOAR
Hi Jasmin, Yes, have a look at https://www.ibm.com/docs/en/sqsp/51?topic=architecture-soar-platform-mssp-add. There are other pages that you might also find helpful so spend some time to explore the other pages of our product documentation. ------------------------------ BEN WILLIAMS ...
Posted By BEN WILLIAMS Thu January 11, 2024 04:41 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Jasmin, Is org 206 your configuration organisation or the child organisation? You cannot import customisations into a child organisation; they are imported into the configuration organisation and the configuration push pushes the customisations to the child orgs. See https://www.ibm.co ...
Posted By BEN WILLIAMS Thu January 11, 2024 04:17 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Jasmin, You haven't shared the error in the client.log nor the lines in the client_access*.log. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Thu January 11, 2024 04:04 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Jasmin, Have a look at /usr/share/co3/logs/client.log at the time the API key authenticates. Also the client_access*.log in the same directory might be of use to identify the API key being reported as being used. If you are using MSSP ensure the API key has access to the organisation and ...
Posted By BEN WILLIAMS Thu November 30, 2023 08:17 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Guido, Focusing on your observation regarding $(NOTE). Change it to $(note) (lowercase) and you should find that the HTML tags do not appear. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Tue November 07, 2023 11:54 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, When you used resilient.localdomain you got a 404. When you used an IP address you didn't get a 404 returned. When you try to connect to virustotal.com you get a 404. This sounds like a network problem. I asked previously for you to run the curl command from inside the function's ...
Posted By BEN WILLIAMS Tue November 07, 2023 11:45 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, The problem is that virustotal is sending back a 404.
2023-11-07 16:18:18,927 DEBUG [connectionpool] [Thread-3] https://virustotal.com:443 "GET /api/v3/ip_addresses/8.8.8.8 HTTP/1.1" 404 315
2023-11-07 16:18:18,928 DEBUG [requests_common] [Thread-3] 404
2023-11-07 16:18:18,929 DEBUG ...
Posted By BEN WILLIAMS Tue November 07, 2023 10:59 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, I fear the 404 is returned when using resilient.localdomain because it is resolving to something else which is not the SOAR server. Stick with this combination.
[fn_virustotal]
api_token = $API_TOKEN
polling_interval_sec = 60
max_polling_wait_sec = 600
verify = false
[resilient] ...
Posted By BEN WILLIAMS Tue November 07, 2023 10:26 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, Also set cafile=False under the [resilient] section so that it doesn't verify the connection. You had this working so please keep track of what combination works because Bo or I do not know what values you have set in the app.config for each log snippet you share. Maybe you should ...
Posted By BEN WILLIAMS Tue November 07, 2023 09:38 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, You get the correct common name returned by the curl command. On the App Host server cli can you run sudo kubectl get pods -A -l apps.isc.ibm.com/app-type=app -L app.kubernetes.io/instance Look for the name of the function (fn_virustotal) in the INSTANCE column and then populate ...
Posted By BEN WILLIAMS Tue November 07, 2023 08:49 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, You have only sent a screen shot of the curl output. There would normally be a mention of the certificate. You might need to scroll up. Feel free to send the entire output as long as it doesn't include anything sensitive. # curl https://virustotal.com/api/v3/ip_addresses/8.8.8.8 -v ...
Posted By BEN WILLIAMS Tue November 07, 2023 06:40 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Dany, Do what Bo suggested four days ago. This will bypass SSL checks to Virustotal but it is not recommended. ******** I'm sorry I wasn't more clear, however, I don't know what else I can suggest. The value verify is the proper configuration name. It would look something like [fn_virustotal] ...
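The three replies above show two app.config keys that switch certificate verification off (`verify = false` under `[fn_virustotal]` and `cafile=False` under `[resilient]`), and note that doing so is not recommended. The script below is an added example, not code from the thread or from IBM: it parses an app.config in the INI form resilient-circuits uses and reports every verification setting that is disabled, or that points at a CA bundle that does not exist on the host. Both sample configs are constructed for the example; the CA bundle paths in the hardened one are assumed, and the checker only knows about the two keys quoted in the thread.

```python
"""Audit a SOAR app.config for disabled TLS verification (added example).

Reads the app.config INI text used by resilient-circuits apps, looks at the
two keys quoted in the thread ([resilient] cafile and [fn_virustotal] verify)
and reports any that turn certificate verification off. Sample configs are
constructed; the CA bundle paths are assumptions.
"""
import configparser
import os

# Constructed sample: the weak combination quoted in the thread.
WEAK_CONFIG = """
[resilient]
host = resilient.localdomain
port = 443
api_key_id = ...
api_key_secret = ...
cafile = false

[fn_virustotal]
api_token = $API_TOKEN
polling_interval_sec = 60
max_polling_wait_sec = 600
verify = false
"""

# Same config with verification pointed at CA bundles (paths are assumed).
HARDENED_CONFIG = """
[resilient]
host = soar.example.internal
port = 443
api_key_id = ...
api_key_secret = ...
cafile = /etc/pki/tls/certs/soar-ca.pem

[fn_virustotal]
api_token = $API_TOKEN
polling_interval_sec = 60
max_polling_wait_sec = 600
verify = /etc/pki/tls/certs/ca-bundle.crt
"""

# Spellings that disable verification; 'cafile=False' from the thread is one.
FALSEY = {"false", "no", "0", "off"}

# (section, key) pairs that control TLS verification in the thread's config.
VERIFY_KEYS = [("resilient", "cafile"), ("fn_virustotal", "verify")]


def load(text):
    """Parse app.config text; interpolation is off so $API_TOKEN stays literal."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def audit(text, path_exists=os.path.exists):
    """Return findings as (section, key, problem) tuples; empty means clean.

    'disabled'       : the value switches verification off.
    'missing bundle' : the value is a path to a CA bundle that is not on
                       this host, so the app would fail or be misconfigured
                       rather than silently verify.
    path_exists is injectable so the check can run without the real files.
    """
    cfg = load(text)
    findings = []
    for section, key in VERIFY_KEYS:
        if not cfg.has_option(section, key):
            continue  # key absent: the app's default applies, nothing to report
        value = cfg.get(section, key).strip()
        if value.lower() in FALSEY:
            findings.append((section, key, "disabled"))
        elif value.lower() != "true" and not path_exists(value):
            findings.append((section, key, "missing bundle"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        problems = audit(text)
        status = "OK" if not problems else "; ".join(
            f"[{s}] {k}: {p}" for s, k, p in problems)
        print(f"{name}: {status}")
```

Run it against the real /usr/share/co3 or App Host app.config before promoting an integration: the weak config reports both keys as disabled, the hardened one is clean once the bundle paths exist. Keeping `verify` and `cafile` as paths rather than `false` is what lets the app detect the DNS mix-up seen in this thread (resilient.localdomain resolving to a different host) as a certificate mismatch instead of silently trusting whatever answered.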
Posted By BEN WILLIAMS Tue November 07, 2023 06:03 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Bo, The support case was opened because Dany had problems connecting to SOAR. He had not at that point been able to connect to virustotal. In the case, cafile=false was referred to only in the context of the connection to SOAR. Dany had tried configuring the SOAR connection using the FQDN and ...
Posted By BEN WILLIAMS Mon October 30, 2023 06:42 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Yasemen, It might not be designed with that in mind but it works for a number of clients who have deployed it in that way. Thankfully you have been able to make changes to the operating system of your integration server to get systemd, Python and Resilient Circuits working together. Thank you ...
Posted By BEN WILLIAMS Mon October 30, 2023 05:48 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Yasemen, Thanks for letting us know that the problem was related to the OS and it is good news you were able to fix the problem. ------------------------------ BEN WILLIAMS ------------------------------
Posted By BEN WILLIAMS Fri September 29, 2023 04:32 AM
Found In Egroup: IBM Security QRadar SOAR
Hi Ravi, Also try sudo kubectl cluster-info dump | grep clusterIP. Presumably that will return the IP address you have set k3s to use. Remove the pipe and grep to see all the cluster-info. ------------------------------ BEN WILLIAMS ------------------------------