Troubleshooting
Problem
The Knowledge Center guide explains how to configure encrypted communication between BigFix and QRadar. However, the import of vulnerability fix status updates from BigFix into QRadar does not work.
Symptom
The error found in the /var/log/iem-cron.log file is as follows:
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy30.getRelevanceResult(Unknown Source)
at com.q1labs.qvm.iem.BigfixClient.getRelevanceResultResponse(BigfixClient.java:301)
at com.q1labs.qvm.iem.BigfixClient.getSiteIds(BigfixClient.java:104)
at com.q1labs.qvm.iem.BigfixClient.getFixletList(BigfixClient.java:154)
at com.q1labs.qvm.iem.BigfixClient.getFixletList(BigfixClient.java:139)
at com.q1labs.qvm.iem.FixletLoader.loadCurrentFixlets(FixletLoader.java:111)
at com.q1labs.qvm.iem.FixletResultReaderApp.loadActionResults(FixletResultReaderApp.java:49)
at com.q1labs.qvm.iem.FixletResultReaderApp.main(FixletResultReaderApp.java:69)
Caused by: java.lang.ClassNotFoundException:
Cause
This can be caused by using domain authentication in BigFix for user authentication.
Resolving The Problem
The guide describes how to configure BigFix to send encrypted data to QRadar. In step 2b of the guide, you are told to type ./iem-setup-webreports.pl and enter host name, host port, user name, and password for the BigFix server. For the username you would use domain\username, since the user account to log in to BigFix is domain authenticated.
Configuring encrypted communication between IBM BigFix and QRadar
However, the import of vulnerability fix status updates from BigFix into QRadar does not work.
The "\" character in the username must be escaped so that QRadar can log in to BigFix successfully.
To resolve this issue:
- Log in to the QRadar Console by using an SSH session.
- If QVM is not running from the Console, connect to the Managed Host by using SSH.
- Change directories to /opt/qvm/iem/
  cd /opt/qvm/iem/
- Back up the file webreports.properties by using this command.
  cp webreports.properties webreports.properties.bak
- Open webreports.properties in the vi editor.
  vi webreports.properties
- Change the webreports.username parameter
  webreports.username= domain\username
  to
  webreports.username= domain\\username
- Save the changes by typing
  esc :wq
- Change directories to /opt/qvm/adapter/config/
  cd /opt/qvm/adapter/config/
- Back up the file plugin-bigfix.properties by using this command.
  cp plugin-bigfix.properties plugin-bigfix.properties.bak
- Open plugin-bigfix.properties in the vi editor.
  vi plugin-bigfix.properties
- Change the bes.rest.username parameter
  bes.rest.username= domain\username
  to
  bes.rest.username= domain\\username
- Save the changes by typing
  esc :wq
Results:
The vulnerability import should be successful the next time the cronjob runs the script (every 15 minutes by default).
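A quick way to confirm both edits took effect before the next cron run is shown below. This is an added example, not IBM's own tooling: the function names are hypothetical, and it assumes the two file paths and property keys named in the steps above, reporting any username value that still contains a single, unescaped backslash.

```bash
#!/usr/bin/env bash
# Added example: verify that the BigFix usernames are backslash-escaped.
# Function names are hypothetical; paths and keys are the ones in this technote.

# get_prop FILE KEY: print the raw value of KEY exactly as written in FILE.
get_prop() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 {
            rest = substr(line, length(key) + 1)
            if (rest ~ /^[ \t]*=/) {
                sub(/^[ \t]*=[ \t]*/, "", rest); val = rest; found = 1
            }
        }
        END { if (found) print val }
    ' "$1"
}

# lone_backslashes FILE KEY: count backslashes that are not part of a "\\" pair.
lone_backslashes() {
    local n
    n=$(get_prop "$1" "$2" | sed 's/\\\\//g' | tr -cd '\\' | wc -c)
    echo $((n))
}

# check_bigfix_usernames [IEM_DIR] [ADAPTER_DIR]
# Returns 1 if either username still holds an unescaped backslash.
check_bigfix_usernames() {
    local rc=0 file key
    while read -r file key; do
        [ -f "$file" ] || { echo "SKIP $file (not found)"; continue; }
        if [ "$(lone_backslashes "$file" "$key")" -gt 0 ]; then
            echo "FAIL $file: $key has an unescaped backslash"
            rc=1
        else
            echo "OK   $file: $key"
        fi
    done <<EOF
${1:-/opt/qvm/iem}/webreports.properties webreports.username
${2:-/opt/qvm/adapter/config}/plugin-bigfix.properties bes.rest.username
EOF
    return $rc
}

# On the QRadar host, after sourcing this file:  check_bigfix_usernames
```

The check only prints the file and key names, never the configured values, so its output is safe to paste into a support case.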
Document Information
Modified date:
16 June 2018
UID
swg22008488