IBM QRadar SOAR

  • 1.  Resilient won't send artifacts to our CTS App

    Posted Mon September 21, 2020 11:02 AM
    Hello, after uninstalling then reinstalling a CTS App for test purposes: (https://exchange.xforce.ibmcloud.com/hub/extension/31c7255853ae50325eaec597c4defbc5)

    The app, which worked before, doesn't work anymore: in the app.log, the rc-cts service indicates error 303 (error while retrieving artifacts).
    But I suspect Resilient to cause the problem because I can see in the client.log file:


    11:09:53.555 [Camel (camel-1) thread #2 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4653 To Custom Threat Service, artifact does not have supported type.
    11:11:53.374 [Camel (camel-1) thread #1 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4656 To Custom Threat Service, artifact does not have supported type.
    11:11:56.508 [Camel (camel-1) thread #3 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4659 To Custom Threat Service, artifact does not have supported type.
    11:13:54.031 [Camel (camel-1) thread #6 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4662 To Custom Threat Service, artifact does not have supported type.
    11:13:57.148 [Camel (camel-1) thread #5 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4665 To Custom Threat Service, artifact does not have supported type.
    11:14:00.954 [Camel (camel-1) thread #2 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4669 To Custom Threat Service, artifact does not have supported type.
    11:14:03.941 [Camel (camel-1) thread #1 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4672 To Custom Threat Service, artifact does not have supported type.
    11:15:55.325 [Camel (camel-1) thread #2 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4678 To Custom Threat Service, artifact does not have supported type.
    11:17:55.549 [Camel (camel-1) thread #1 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4681 To Custom Threat Service, artifact does not have supported type.
    11:17:58.502 [Camel (camel-1) thread #3 - JmsConsumer[interprocessevents.schedule-service]] INFO com.co3.threat.CustomThreatService - Not sending Artifact Id 4685 To Custom Threat Service, artifact does not have supported type.

    Do you know where this error comes from and how to fix it?
    Thanks

    ------------------------------
    Ekham Ramdul
    ------------------------------


  • 2.  RE: Resilient won't send artifacts to our CTS App

    Posted Tue September 22, 2020 11:26 AM
    What is the type of the artifact for these messages? Is it a built-in type or a custom one?

    That message indicates that the given artifact type cannot be translated into something that a threat service knows how to deal with.

    Ben

    ------------------------------
    Ben Lurie
    ------------------------------



  • 3.  RE: Resilient won't send artifacts to our CTS App

    Posted Tue September 22, 2020 11:41 AM
    Hello Ben,

    The CTS App can receive some built-in types: ip, ip range, FQDN, url and files. The app is like Virus Total: you send an artifact and it tells you if there is a risk or not.
    The problem appeared when we uninstalled then reinstalled the app (the same app).

    I strongly think that the problem comes from Resilient. Is there a way to clear the cache of the service which sends artifacts?

    Thanks

    ------------------------------
    Ekham Ramdul
    ------------------------------