IBM QRadar App Troubleshooting

This section describes the common issues that might happen during the deployment or the running of the app and the steps to resolve the issues.

• App configuration fails with various error messages
• UI related issues in the app
• Error while initiating socket connection with IBM QRadar
• All other issues which are not a part of the Document

App configuration fails with various error messages

• Problem : A new configuration fails with error message “401 - Authorized service token is not valid.” Below is a screenshot for quick reference.

Troubleshooting Steps: This happens when the user has entered the wrong authorization service token, so authentication failed while saving the configuration. Users are recommended to provide the valid authorization service token. For checking logs, see Check IBM QRadar app logs.

• Problem : A new configuration fails with error message “IOC Module is not enabled for entered account credentials.”. Below is a screenshot for quick reference.

Troubleshooting Steps : This happens when the user doesn’t have a Threat Command TIP subscription for the IOC module which helps in data collection. So either use credentials which have IOC modules enabled or subscribe to the TIP Rapid7 module.  To check logs, see Check IBM QRadar app logs.

• Problem : A new configuration fails with error message “Authentication failed: Invalid credentials”. Below is a screenshot for quick reference.

Troubleshooting Steps : This happens when a user has entered the wrong Account ID/API key for Threat Command. Please verify the Account ID and API key. To check logs, see Check IBM QRadar app logs.

UI related issues in the app

• Problem : Configuration page or dashboard shows error or unintended behavior.

Troubleshooting Step s:  Clear the browser cache and reload the webpage.

Error while initiating socket connection with IBM QRadar

• Problem : “Error while initiating socket connection with IBM QRadar” observed in log files.

Troubleshooting Steps :

This issue can happen in the QRadar v2 app framework (< v7.4.2 P2). To resolve it, refer to the following link: https://www.ibm.com/support/pages/node/6395080

All other issues which are not a part of the Document

• Problem : If the problem is not listed above, follow these steps:

1. From the Admin panel, click System and License Management.
2. Select the host on which the IntSights app for Qradar v7.4.1 FP2+ is installed.
3. Click Actions in the top panel and select the Collect Log Files.

• The Log File Collection  pop-up is displayed.

4. Click Advance Options.
5. Select the checkbox to Include Debug Logs, Application Extension Log, Setup Log (Current Version).
6. Click Collect Log Files after selecting 5 days as data input.
7. Click Click here to download files.

• The files are downloaded into a single ZIP file on your local machine.