IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Can someone assist with the error message in the Network Hierarchy app version 1.0.2?

  • 1.  Can someone assist with the error message in the Network Hierarchy app version 1.0.2?

    Posted Mon September 21, 2020 08:19 PM

    Client is seeing an error on Network Hierarchy app version 1.0.2 when trying to run backup and/or import. Client is on QRadar 7.4 patch 4.

    Something went wrong! Unknown error occurred; see logs for more detail

    2020-09-21 16:08:36,241 [abstract_qpylib.log] [Thread-26] [ERROR] - 127.0.0.1 [APP_ID/1459][NOT:0000003000] Uncaught REST wrapper error; SSLError(MaxRetryError('HTTPSConnectionPool(host=\'qrcon.w-intra.net\', port=443): Max retries exceeded with url: /api/config/network_hierarchy/networks?fields=group%2Cname%2Ccidr%2Cdescription%2Cdomain_id%2Cid (Caused by SSLError(SSLError("bad handshake: Error([(\'SSL routines\', \'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')],)",),))',),)

    2020-09-21 16:08:36,241 [abstract_qpylib.log] [Thread-26] [ERROR] - 127.0.0.1 [APP_ID/1459][NOT:0000006000] Traceback:

    Traceback (most recent call last):

    File "/app/views.py", line 125, in backups_create

    functions.export_net_hier(file_path=file_path)

    File "/app/core/functions.py", line 261, in export_net_hier

    net_hier = get_net_hier(convert_domain_ids_to_names=convert_domain_ids_to_names)

    File "/app/core/functions.py", line 208, in get_net_hier

    response = api_client.call_rest('GET', Constants.API_NET_HIER_DEPLOYED, params={'fields': 'group,name,cidr,description,domain_id,id'})

    File "/app/core/api_client.py", line 27, in call_rest

    response = REST(*args, **kwargs)

    File "/app/qpylib/qpylib.py", line 45, in REST

    timeout=timeout)

    File "/app/qpylib/live_qpylib.py", line 135, in REST

    timeout=timeout, verify=verify)

    File "/app/qpylib/abstract_qpylib.py", line 55, in RESTget

    data=data, json=json_inst, timeout=timeout)

    File "/usr/lib/python2.6/site-packages/requests/api.py", line 72, in get

    return request('get', url, params=params, **kwargs)

    File "/usr/lib/python2.6/site-packages/requests/api.py", line 58, in request

    return session.request(method=method, url=url, **kwargs)

    File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 508, in request

    resp = self.send(prep, **send_kwargs)

    File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 618, in send

    r = adapter.send(request, **kwargs)

    File "/usr/lib/python2.6/site-packages/requests/adapters.py", line 506, in send

    raise SSLError(e, request=request)

    SSLError: HTTPSConnectionPool(host='qrcon.w-intra.net', port=443): Max retries exceeded with url: /api/config/network_hierarchy/networks?fields=group%2Cname%2Ccidr%2Cdescription%2Cdomain_id%2Cid (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",),))



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: Can someone assist with the error message in the Network Hierarchy app version 1.0.2?

    Posted Tue September 22, 2020 06:13 AM

    Hi Sandra.

    The last line of you error indicates that there is an issue with the ssl certificate. Has the qradar certificate been replaced or is it still running the original IBM self signed certicate?

    If the certicate has been replaced with an internal certificate, then the certificate has most likely either not been associated with the apps services or apphost. The first step would be to ssh to the QRadar console and run /opt/qradar/support/recon ps and look for a certificate error.

    If the first or second line of the output contains and error regarding ssl, you will then need to ensure that the current SSL certificate includes the URI shown in the error.

    This can be seen by checking the names listed on the certificate via your web browser.

    If the qradar local hostname is not shown on the certificate, a new certificate will need to be generated listing the current qradar dns hostname along with the hostname shown by the apps server.

    The apps hostname can also be retrieved by running the following command "cat /opt/qradar/conf/nva.conf |grep CONSOLE_FQDN". The hostname output of this command should also be included in the SSL Certificate for the apps server to function correctly.

    If all of this is correct on the system, there may be an issue with the CA Trust installation on qradar, in which case, I suggest following the ibm ssl certificate installation instructions at https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.3/com.ibm.qradar.doc/c_qradar_adm_ssl.html.

    Regards.

    Simon



    #QRadar
    #Support
    #SupportMigration


  • 3.  RE: Can someone assist with the error message in the Network Hierarchy app version 1.0.2?

    Posted Thu September 24, 2020 09:31 AM

    Hello,

    We experience the same error on version 7.4 and app version 1.0.2

    Were using the OOB self signed cert for our setup and this has been confirmed as valid via the recon ps output and IBM support as suggested by Simon.



    #QRadar
    #Support
    #SupportMigration


  • 4.  RE: Can someone assist with the error message in the Network Hierarchy app version 1.0.2?

    Posted Thu September 24, 2020 12:00 PM

    Thanks for both of your comments and we will be looking at the SSL Certificate.

    Sandy



    #QRadar
    #Support
    #SupportMigration


Related Content