Troubleshooting
Problem
QRadar SOAR App Host installs successfully and integrations deploy, however all functions and workflows fail to complete successfully.
Symptom
Errors from the logs in the container, show a problem with authenticating using the server's API Key:
get_client api_key_secret=opts["api_key_secret"]) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 162, in set_api_key BasicHTTPException.raise_if_error(response) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 62, in raise_if_error raise BasicHTTPException(response) resilient.co3base.BasicHTTPException: Unauthorized: /etc/rescircuits/app.config: OK
Cause
Customer previously imported a backup from their old server and the SOAR base url was incorrect.
Environment
QRadar SOAR AppHost
Diagnosing The Problem
Check that the pairing key contains the same url for the SOAR server:
as the host line in the app.config and that the url can resolve correctly in DNS.
The following errors display when downloading logs from the Apphost
INFO [app] Configuration file: /etc/rescircuits/app.config
INFO [app] Resilient server: servername.com
INFO [app] Resilient user: None
....
do_initialization self.action_component = Actions(self.opts) File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 262, in __init__ super(Actions, self).__init__(opts) File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 88, in __init__ self._get_fields() File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 140, in _get_fields client = self.rest_client() File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 163, in rest_client return get_resilient_client(self.opts) File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/rest_helper.py", line 40, in get_resilient_client resilient_client = resilient.get_client(opts) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3.py", line 163, in get_client api_key_secret=opts["api_key_secret"]) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 162, in set_api_key BasicHTTPException.raise_if_error(response) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 62, in raise_if_error raise BasicHTTPException(response) resilient.co3base.BasicHTTPException: Unauthorized:
Resolving The Problem
Update the URL to match between: the App.config, the pairing key and server certificate to ensure that authentication can function properly.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations-\u003EAppHost"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
28 June 2024
UID
ibm16323747