IBM Security QRadar SOAR

 View Only
Expand all | Collapse all

How does Python script reach Message destination on Integration server?

  • 1.  How does Python script reach Message destination on Integration server?

    Posted Thu March 31, 2022 06:09 PM
    Hi -  can someone explain how a Python script on the integration server will reach the message destination? 
    We're getting a 'pending' status when executing a rule that triggers our message destination and it appears that it's not able to reach the Python script.

    ------------------------------
    Mark Aksen
    ------------------------------


  • 2.  RE: How does Python script reach Message destination on Integration server?

    Posted Fri April 01, 2022 08:12 AM

    Hi Mark,

    There are several steps to configuring an Integration server to communicate with the SOAR Platform. We have that documented here: https://www.ibm.com/docs/en/sqsp/44?topic=isg-introduction. The steps roughly break down to:

    1. Ensure you have the appropriate Linux or Windows server with a modern Python environment (3.6+). We are using Python 3.9 internally now.
    2. Install resilient-circuits on your Integration server.
    3. Install your python script. There are a few models for whether it's a package or single-file script for execution.
    4. Configure your app.config file with the settings needed to communicate with the SOAR platform and optionally the python script.
    5. Run resilient-circuits. It's suggested to make this a service so it will restart itself if any failures cause the process to abort.


    In addition, we have our new App Host environment which eliminates all these manual configuration steps. One app in particular makes it easy to migrate your single file Python scripts to this containerized environment: https://exchange.xforce.ibmcloud.com/hub/extension/59407c77ae739e98a51126ad0f359740.

    Good luck
    Mark



    ------------------------------
    Mark Scherfling
    ------------------------------