IBM QRadar SOAR

  • 1.  Automatic Escalation not working with New version of SOAR Plugin

    Posted 13 days ago

    Hi, 

    Not sure if anyone has faced this issue, but ever since we updated the SOAR plugin to the newest version we are unable to see automatic escalation to SOAR. Manual escalation of the offense works fine.

    Connection to the SOAR server is OK.

    Any ideas or pointers on where to look for more troubleshooting?

    SOAR plugin version 5.6.0 (with content installed)



    ------------------------------
    Abdullah Tadefi
    ------------------------------


  • 2.  RE: Automatic Escalation not working with New version of SOAR Plugin

    Posted 13 days ago

    Hi Abdullah,

    It is difficult to point out exactly what might be causing it without looking at the logs, which can be downloaded from the application UI. What version did you upgrade from? You can try restarting the "ecs-ep" service on the QRadar console to see if it makes any difference or if you see any error in circuits.log. Feel free to create a support case and attach the logs for us to review and suggest further steps.



    ------------------------------
    DillipNath
    ------------------------------



  • 3.  RE: Automatic Escalation not working with New version of SOAR Plugin

    Posted 13 days ago

    Hi Abdullah, I found these technotes; perhaps they can help you debug the error. If nothing works, you can always open a case with support.
    There is a known issue in 5.6.0: see https://www.ibm.com/mysupport/s/defect/aCIgJ00000007EPWAY/dt437287?language=en_US

    The links below are a bit older but could help with further debugging if the above technote is not applicable to you.
    https://www.ibm.com/support/pages/how-resolve-automated-escalation-failures-using-soar-integration-application-qradar
    https://www.ibm.com/support/pages/ibm-qradar-offenses-are-not-escalated-due-configuration-issues-ibm-qradar-soar-or-cloud-pak-security



    ------------------------------
    Erwin
    ------------------------------