How To
Summary
Qradar app Connection and Configuration Verification Failed: Bad Request
Steps
Symptoms:
After configuring Qradar plugin App and save the setting, when trying to verify the configuration, get the following error in the screen,
"Connection and Configuration Verification Failed: Bad Request: {"success":false,"title":null,"message":"Invalid username or password","hints":[],"error_code":"generic"} "
Even through the user name and password is correct.
In the other scenario, reinstall qradar app will encounter the same error.
Trouble shooting:
Need to check the client.log in /usr/share/co3/logs/ in IBM Resilient side to see the root cause.
If you are seeing the following, e.g
[http-bio-443-exec-x] ERROR com.co3.userauth.UserAuthentication - Failed login attempt for user: qradar@xxx.com, user is banned
Cause:
Multiple attempts failed, ip get banned.
Solution:
IP is banned for an hour (not the specific user account)
To clear the IP banned, please do
1. SSH into the IBM Resilient appliance and run the following command to confirm there's an IP banned:
sudo -u postgres psql -c "select * from monapp.ipban;" co3
2. Remove the banned IP by running command:
sudo -u postgres psql -c "delete from monapp.ipban;" co3
3. Restart IBM Resilient service:
sudo systemctl restart resilient (for RHEL system)
sudo service resilient restart (for Debian)
Related Information
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
19 April 2021
UID
ibm11161748