Open WednesdayAd opened 5 years ago
Add the following command above that error for debugging: print(qradar_response.content)
(if its just IP, at line 88, otherwise line 97).
This should show you the error message from qradar.
This is not an IP, it happened when importing the URL. After adding the recommended line, received the following information
15:49:23 -- Initiating, IOC POST to QRadar b'{"http_response":{"code":400,"message":"Invalid syntax for this request was provided"},"code":1001,"description":"An error occurred parsing the JSON formatted message body","details":{},"message":"JSON Parse Error!! Colon encountered but was not in a JSON Object"}' 15:49:24 -- Could not POST IOCs to QRadar (Failure)
Sounds like you entered an incorrect URL, which contains a colon. Is it just IP or hostname (no protocol)?
It's like "http://animalclub[.]co/"
Just use "animalclub.co" then - as mentioned, no protocol or slashes
Hello! I managed to integrate MISP and Qradar, but it only works IP. When I try post all IOCs I have error 400 - Bad request. Element Type of the reference set is AlphaNumeric. What am I doing wrong?