IBM Security QRadar SOAR


QRadar Enhanced Data Migration Error: Reason: Could not subscribe to any message destinations Error Code: 33

  • 1.  QRadar Enhanced Data Migration Error: Reason: Could not subscribe to any message destinations Error Code: 33

    Posted Wed November 23, 2022 07:47 AM

    Hi,

    I'm trying to install the QRadar Enhanced Data Migration app in my lab, but whenever I try Test Configuration it shows me an error:

        ------------------------
        Running selftest with IBM SOAR
        ------------------------
        - Getting app.configs
        ------------------------
        Testing REST connection to SOAR
        ------------------------
        - Checking if we can authenticate a REST connection with 'a2d0a5ed-f79e-4ea7-9db0-b75b7ea57a2b' to '192.168.100.188'
        /opt/app-root/lib64/python3.9/site-packages/urllib3/connection.py:458: SubjectAltNameWarning: Certificate for 192.168.100.188 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
          warnings.warn(
        ------------------------
        Successfully connected via REST!
        ------------------------
        ------------------------
        Testing STOMP connection to SOAR
        ------------------------
        - Checking if we can authenticate a STOMP connection with 'a2d0a5ed-f79e-4ea7-9db0-b75b7ea57a2b' to '192.168.100.188'
        ------------------------
        Instantiating instance of resilient-circuits and starting it...
        ------------------------
        2022-11-23 06:20:46,905 INFO [app] Configuration file: /etc/rescircuits/app.config
        2022-11-23 06:20:46,906 INFO [app] Resilient server: 192.168.100.188
        2022-11-23 06:20:46,906 INFO [app] Resilient api key id: a2d0a5ed-f79e-4ea7-9db0-b75b7ea57a2b
        2022-11-23 06:20:46,907 INFO [app] Resilient org: Commtel
        2022-11-23 06:20:46,907 INFO [app] Logging Level: INFO
        /opt/app-root/lib64/python3.9/site-packages/urllib3/connection.py:458: SubjectAltNameWarning: Certificate for 192.168.100.188 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
          warnings.warn(
        2022-11-23 06:20:46,967 INFO [co3base] Using org name: Commtel
        2022-11-23 06:20:47,616 INFO [app] Components auto-load directory: (none)
        /opt/app-root/lib64/python3.9/site-packages/urllib3/connection.py:458: SubjectAltNameWarning: Certificate for 192.168.100.188 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
          warnings.warn(
        2022-11-23 06:20:47,696 INFO [co3base] Using org name: Commtel
        2022-11-23 06:20:48,212 INFO [common] UI tab for fn_qradar_integration already exists. Checking for updates.
        2022-11-23 06:20:48,421 INFO [component_loader] Loading 3 components
        2022-11-23 06:20:48,421 INFO [component_loader] 'fn_qradar_enhanced_data.components.poller.PollerComponent' loading
        2022-11-23 06:20:48,423 INFO [poller] Poller interval is not configured, so poller will not run.
        2022-11-23 06:20:48,423 INFO [component_loader] 'fn_qradar_enhanced_data.components.qradar_offense_summary.FunctionComponent' loading
        2022-11-23 06:20:48,563 INFO [component_loader] 'fn_qradar_enhanced_data.components.qradar_top_events.FunctionComponent' loading
        2022-11-23 06:20:48,617 INFO [selftest] - Waiting for subscription to message destination. Sleeping for 2 seconds
        2022-11-23 06:20:48,618 INFO [stomp_component] Connect to 192.168.100.188:65001
        2022-11-23 06:20:48,619 INFO [actions_component] 'fn_qradar_enhanced_data.components.qradar_offense_summary.FunctionComponent' function 'qradar_offense_summary' registered to 'fn_qradar_enhanced_data'
        2022-11-23 06:20:48,620 INFO [actions_component] 'fn_qradar_enhanced_data.components.qradar_top_events.FunctionComponent' function 'qradar_top_events' registered to 'fn_qradar_enhanced_data'
        2022-11-23 06:20:48,620 INFO [app] App Started
        2022-11-23 06:20:48,620 INFO [app] Components loaded
        2022-11-23 06:20:48,724 INFO [actions_component] STOMP attempting to connect
        2022-11-23 06:20:48,724 INFO [stomp_component] Connect to Stomp...
        2022-11-23 06:20:48,725 INFO [client] Connecting to 192.168.100.188:65001 ...
        2022-11-23 06:20:48,733 WARNING [client] Could not connect to 192.168.100.188:65001 [Could not establish connection [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)]]
        2022-11-23 06:20:48,743 INFO [client] Connecting to 192.168.100.188:65001 ...
        2022-11-23 06:20:48,753 WARNING [client] Could not connect to 192.168.100.188:65001 [Could not establish connection [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)]]
        2022-11-23 06:20:48,774 INFO [client] Connecting to 192.168.100.188:65001 ...
        2022-11-23 06:20:48,779 WARNING [client] Could not connect to 192.168.100.188:65001 [Could not establish connection [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)]]
        2022-11-23 06:20:48,819 INFO [client] Connecting to 192.168.100.188:65001 ...
        2022-11-23 06:20:48,825 WARNING [client] Could not connect to 192.168.100.188:65001 [Could not establish connection [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)]]
        2022-11-23 06:20:48,825 ERROR [client] Reconnect failed [Reconnect timeout: 3 attempts]
        2022-11-23 06:20:50,620 INFO [selftest] - Waiting for subscription to message destination. Sleeping for 2 seconds
        2022-11-23 06:20:52,623 INFO [selftest] - Waiting for subscription to message destination. Sleeping for 2 seconds
        2022-11-23 06:20:54,625 INFO [selftest] - Waiting for subscription to message destination. Sleeping for 2 seconds
        2022-11-23 06:20:54,646 ERROR [actions_component] <load_all_success[loader] ( )> (<class 'circuits.core.manager.TimeoutError'>): ERROR:
          File "/opt/app-root/lib64/python3.9/site-packages/circuits/core/manager.py", line 869, in processTask
            value = parent.throw(value.extract())
          File "/opt/app-root/lib64/python3.9/site-packages/resilient_circuits/actions_component.py", line 781, in subscribe_to_queues
            yield self.wait("Connected", timeout=self.stomp_timeout)
        2022-11-23 06:20:56,628 INFO [selftest] - Waiting for subscription to message destination. Sleeping for 2 seconds
        ERROR: could not connect to SOAR at '192.168.100.188'. Reason: Could not subscribe to any message destinations Error Code: 33

    Your help will be appreciated.

    Regards,



    ------------------------------
    Umer Nawaz
    InfoSec Engineer
    ------------------------------


  • 2.  RE: QRadar Enhanced Data Migration Error: Reason: Could not subscribe to any message destinations Error Code: 33

    Posted Fri December 02, 2022 10:55 AM
    It is failing because of the certificate you are using. Try to connect without using certificate validation.

    ------------------------------
    Richard Swierk
    ------------------------------
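
Added example, not part of the thread and not IBM's code: a small Python parser for the selftest output in the first post that groups certificate-verification failures by endpoint, which makes it visible that the REST check passes while only the STOMP listener on port 65001 is rejected as self-signed. The function names `tls_failures` and `summarize` are made up for this example; the sample lines are a subset copied from the post.

```python
import re

# Subset of the selftest output from the first post, copied as posted.
_FAIL = ("WARNING [client] Could not connect to 192.168.100.188:65001 "
         "[Could not establish connection [[SSL: CERTIFICATE_VERIFY_FAILED] "
         "certificate verify failed: self signed certificate (_ssl.c:1129)]]")
SAMPLE_LOG = "\n".join([
    "Successfully connected via REST!",
    "2022-11-23 06:20:48,618 INFO [stomp_component] Connect to 192.168.100.188:65001",
    "2022-11-23 06:20:48,733 " + _FAIL,
    "2022-11-23 06:20:48,753 " + _FAIL,
    "2022-11-23 06:20:48,779 " + _FAIL,
    "2022-11-23 06:20:48,825 " + _FAIL,
    "2022-11-23 06:20:48,825 ERROR [client] Reconnect failed [Reconnect timeout: 3 attempts]",
])

# timestamp, level, [component], message
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) ([A-Z]+) \[([^\]]+)\] (.*)$")
# endpoint, OpenSSL error code, human-readable reason
TLS_FAIL_RE = re.compile(
    r"Could not connect to (\S+:\d+) .*?\[SSL: ([A-Z_]+)\] "
    r"certificate verify failed: ([^(\]]+)")


def tls_failures(log_text):
    """Group certificate-verification failures by endpoint (host:port)."""
    found = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banners, warnings.warn( and traceback lines have no timestamp
        ts, _level, _component, msg = line.groups()
        hit = TLS_FAIL_RE.search(msg)
        if not hit:
            continue
        endpoint, code, reason = hit.groups()
        entry = found.setdefault(endpoint, {"code": code, "reason": reason.strip(),
                                            "attempts": 0, "first_seen": ts})
        entry["attempts"] += 1
    return found


def summarize(log_text):
    """One line per failing endpoint, plus whether the REST check passed."""
    rest_ok = "Successfully connected via REST!" in log_text
    lines = [f"REST check passed: {rest_ok}"]
    for endpoint, e in tls_failures(log_text).items():
        lines.append(f"{endpoint}: {e['code']} ({e['reason']}), "
                     f"{e['attempts']} attempts from {e['first_seen']}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```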