App does not work after its rules start

The workflow, function, or other customization is not working, but the App container is deployed and the app is running.

Start by testing the app configuration from the Orchestration & Automation application. Some configuration issues can be discovered by using the app's built-in test feature.
  1. Select the app then click the Configuration tab.
  2. Select the app.config file from App Settings.
  3. Scroll to the end and choose Test Configuration.

    The self-test is individualized for each app.

If you did not find the problem, review the app logs as described in Checking the logs.

You can look up the <app_deployment> deployment name with the following command.
sudo kubectl get pods -A -l apps.isc.ibm.com/app-type=app -L app.kubernetes.io/instance
If you see the following error, the cert.cer configuration file needs to be the complete certificate chain. When you install an app, the system tries to generate the full chain and upload it. If the cert.cer was modified, restart the app. You can also try setting cafile=false in app.config just as a point of debugging. Modifying app.config and saving it automatically restarts the pod.
Unable to lock /opt/app-root/src/.resilient/resilient_circuits_lockfile: HTTPSConnectionPool(host='example.net', port=443): Max retries exceeded with url: /rest/session (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
For local or test systems, you might see the following error.
HTTPSConnectionPool(host='192.168.1.50', port=443): Max retries exceeded with url: /rest/session (Caused by SSLError(CertificateError("hostname '192.168.1.50' doesn't match 'resilient.localdomain'",),))

It happens when the hostname (listed in app.config) does not match the subject name of the certificate. By default, SOAR has a certificate with the subject name of resilient.localdomain.

To resolve the problem, either fix the name mismatch, or change the cafile value to false in the app.config configuration file.

Other connection errors can also exist if proxies are needed. Not all apps support proxy settings. Refer to the app documentation. Contact the app developer group if you have a question on whether the proxy is supported for the app.

Check for errors in the App Manager log. The App Manager is on the Orchestration & Automation application. The resilient-app-manager.log can be found in /var/log/resilient-app-manager.
com.ibm.security.apps.manager.client.ManagerClientException: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
  • Check that the Edge Gateway and SOAR clocks are not skewed.
  • Check whether the pairing key was regenerated on IBM Security QRadar® Suite Software.

You can correct the problem by re-pairing the Edge Gateway and IBM Security QRadar Suite Software by using the new pairing information when you click Renew. You need to re-create the instance as described in Creating an Edge Gateway.