IBM QRadar SOAR

  • 1.  Resilient Circuits clone option failed

    Posted Wed September 25, 2019 07:27 AM
    Hi,

    I am using Resilient v34 and Resilient Circuits 33.0.189. I want to clone a workflow but the RC command is failing. Here is the command line:
    resilient-circuits clone --workflow example_pdfid pdf_summary

    where example_pdfid is the existing workflow and pdf_summary is the clone/copy.

    The command failed with the following message:

    [integration@int-srv ~]$ resilient-circuits clone --workflow example_pdfid pdf_summary
    Please enter password for encrypted keyring:
    /usr/local/lib/python3.6/site-packages/urllib3/connection.py:388: SubjectAltNameWarning: Certificate for resilient.nkuite.com has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
    SubjectAltNameWarning
    Codegen is based on the organization export from 2019-09-25 10:50:49.395000.
    Traceback (most recent call last):
    File "/usr/local/lib/python3.6/site-packages/resilient/co3.py", line 306, in post
    response = super(SimpleClient, self).post(uri, payload, co3_context_token, timeout)
    File "/usr/local/lib/python3.6/site-packages/resilient/co3base.py", line 351, in post
    BasicHTTPException.raise_if_error(response)
    File "/usr/local/lib/python3.6/site-packages/resilient/co3base.py", line 62, in raise_if_error
    raise BasicHTTPException(response)
    resilient.co3base.BasicHTTPException: Bad Request: {"success":false,"title":null,"message":"Default group is not found in the config file.","hints":[],"error_code":"generic"}

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/usr/local/bin/resilient-circuits", line 11, in <module>
    load_entry_point('resilient-circuits==33.0.189', 'console_scripts', 'resilient-circuits')()
    File "/usr/local/lib/python3.6/site-packages/resilient_circuits/bin/resilient_circuits_cmd.py", line 700, in main
    clone(args)
    File "/usr/local/lib/python3.6/site-packages/resilient_circuits/bin/resilient_circuits_cmd.py", line 448, in clone
    result = client.post(uri, new_export_data)
    File "/usr/local/lib/python3.6/site-packages/resilient/co3.py", line 308, in post
    _raise_if_error(ex.get_response())
    File "/usr/local/lib/python3.6/site-packages/resilient/co3.py", line 171, in _raise_if_error
    raise SimpleHTTPException(response)
    resilient.co3.SimpleHTTPException: Bad Request: {"success":false,"title":null,"message":"Default group is not found in the config file.","hints":[],"error_code":"generic"}
    [integration@int-srv ~]$

    Thanks for your help

    Gabriel

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------


  • 2.  RE: Resilient Circuits clone option failed

    Posted Wed September 25, 2019 07:55 PM
    Hello Gabriel

    I'm not sure if the following workaround works for you. Here is my experience.

    I encountered a similar problem with V33.
    At that time I circumvented it by excluding Administrator Settings from the .res file as follows:
        1. From the Resilient web pages, navigate to 'Administrator Settings' > 'Organization'
        2. From Migrate Settings, click 'Export'
        3. Uncheck Administrator Settings from Export Settings and then click the [Export] button.

    After the above operations, I could copy the workflow with 'resilient-circuits clone --workflow <old_api_name> <new_api_name>'.

    ------------------------------
    Yohji Amano
    ------------------------------



  • 3.  RE: Resilient Circuits clone option failed

    Posted Thu September 26, 2019 04:33 AM
    Hi Yohji,

    Thanks for the workaround/tip. It is still working even in v34. I have successfully cloned my workflow.

    ------------------------------
    Gabriel NKUITE
    Open Group and IBM Certified ITS
    IBM
    Bois Colombes
    336 71016868
    ------------------------------