Apexynn
commented
6 days ago Hello,
I'm not quite sure if it would still be useful for you, but maybe somebody wanders around here.
After you unzipped either the MISP-IOC-IMPORTR-QRadar-safe.zip or the MISP-IOC-IMPORTR-Docker.zip, go into the container/pip directory. Once you're there, change the python wheel file's extension to zip, and expand them as well. Edit the METADATA file in each of them so it accepts a lesser version of python.
change: Requires-Python: >=3.7 to: Requires-Python: >=3.6
This is necessary because by default QRadar uses Python 3.6 and that's why the exception error occurs. After you've changed these, just archive them again, and change the extension back to the python wheel format. Now repackage the app with the qapp package command.
Also, one other issue could cause the error, is that you're QRadar instance doesn't have enough memory to allocate it to the app (only 10% of QRadar's full memory are reserved for the apps), so you might need to change the memory within manifest.json file {"memory": 300} to a lesser value.
The app should be created now properly.
All the bests, Richard
While installation of qradar-misp-ioc-importer, i have followed the steps from https://www.ibm.com/support/pages/qradar-whats-new-app-framework-sdk-v200
While installing, I have successfully installed SDK, edited the qenv.ini file, also manifest.json file But after running command :- qapp deploy -q -u -p com.mycompany.myapp.zip
It starts uploading, but after some time it gives me error Final application state: ERROR