IBM QRadar SOAR

  • 1.  fn_bluecoat_site_review error on test

    Posted Mon April 15, 2019 02:35 PM
    Hi,

    I have installed the fn_bluecoat_site_review functions and, despite multiple tests, I get no results.
    I have also tested the artifact in the documentation PDF, but I get the following error:
    2019-04-15 19:22:59,293 INFO [actions_component] Event: <bluecoat_site_review_lookup[] (id=71, workflow=url_all, user=benoit.rostagni@ibm.com) 2019-04-15 18:22:59.076000> Channel: functions.bluecoat_site_review_lookup
    2019-04-15 19:22:59,514 INFO [bluecoat_site_review_lookup] artifact_value: http://avts.vn/hejxjrzjys/3978861743009/OCRjH-YuO_VcE-MgR/
    2019-04-15 19:22:59,515 INFO [decorators] [bluecoat_site_review_lookup] StatusMessage: starting...
    2019-04-15 19:22:59,938 ERROR [actions_component] <task[functionworker] (<function _call_the_task at 0x7fa311468050>, <bluecoat_site_review_lookup[functions.bluecoat_site_review_lookup] (id=71, workflow=url_all, user=benoit.rostagni@ibm.com) 2019-04-15 18:22:59.076000> artifact_value=u'http://avts.vn/hejxjrzjys/3978861743009/OCRjH-YuO_VcE-MgR/')> (<class 'resilient_circuits.action_message.FunctionException_'>): FunctionException_: <Traceback (most recent call last):
    File "/home/resadmin/.pyenv/versions/2.7.15/lib/python2.7/site-packages/fn_bluecoat_site_review/components/bluecoat_site_review_lookup.py", line 49, in _bluecoat_site_review_lookup_function
    response_json = self.sitereview(self.options['url'], artifact_value)
    File "/home/resadmin/.pyenv/versions/2.7.15/lib/python2.7/site-packages/fn_bluecoat_site_review/components/bluecoat_site_review_lookup.py", line 76, in sitereview
    result = rc.execute_call('post', url, payload=payload, headers=HEADERS, resp_type='text')
    File "/home/resadmin/.pyenv/versions/2.7.15/lib/python2.7/site-packages/resilient_lib/components/requests_common.py", line 120, in execute_call
    raise IntegrationError(msg)
    IntegrationError: "'status_code: 400, msg: N/A'"
    >
    File "/home/resadmin/.pyenv/versions/2.7.15/lib/python2.7/site-packages/circuits/core/manager.py", line 856, in processTask
    raise value.extract()
    Traceback (most recent call last):
    File "/home/resadmin/.pyenv/versions/2.7.15/lib/python2.7/site-packages/circuits/core/manager.py", line 617, in _dispatcher
    event_handlers = self._cache[(event.name, channels)]
    KeyError: ('exception', ('*',))

    I have also tested the http://www.resilientsystem.com/ artifact web site, with a similar error.

    Any idea to solve this will be appreciated.





    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------


  • 2.  RE: fn_bluecoat_site_review error on test

    Posted Tue April 16, 2019 02:57 PM
    Hey Benoit,

    So, I am not entirely sure why you are getting those errors. I actually just ran the function on that exact same URL that is in your logs and got results back. In the first screenshot, you're seeing the log results. The other screenshot shows the results pulled back as a dictionary object that I was clearly too lazy to write to a data table, but you get the point. I would love to help you get this resolved. One of the integrations engineers reached out to me about it, so I will see how I can help.

    ------------------------------
    Gerald Trotman
    ------------------------------



  • 3.  RE: fn_bluecoat_site_review error on test

    Posted Tue April 16, 2019 05:55 PM
    Well, tested again on 2 similar VMs (same gold master for POC).
    One is buggy (the first one).
    The second one, set up today with a similar integrations build-up, has a success.
    2019-04-16 22:48:40,657 INFO [actions_component] Event: <bluecoat_site_review_lookup[] (id=88, workflow=url_all, user=benoit.rostagni@ibm.com) 2019-04-16 21:48:40.138000> Channel: functions.bluecoat_site_review_lookup
    2019-04-16 22:48:40,865 INFO [bluecoat_site_review_lookup] artifact_value: http://mp3li.net
    2019-04-16 22:48:40,865 INFO [decorators] [bluecoat_site_review_lookup] StatusMessage: starting...
    2019-04-16 22:48:41,524 INFO [decorators] [bluecoat_site_review_lookup] StatusMessage: done...

    Bluecoat Categorization: Piracy/Copyright Concerns, Suspicious


    I will investigate further after my holidays...

    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------