Advanced configuration settings

The [resilient] section of the app.config file contains the settings that the app uses when interacting with the Orchestration & Automation application. You can also configure each specific app to skip the default SSL verification on the app's REST connection to a third-party endpoint.

Configuring default SSL verification for apps

You can change the default SSL verification on an app's REST connection to a third-party endpoint to handle a self-signed certificate.

For each app, you can change the certificate verification behavior from the default certificate authority chain to a custom chain, or to skip verification entirely. Use the verify option in the app's app.config file to change the certificate verification behavior. By default, when verify is unset or set to True, the PEM chain from the Python certifi package is used to verify connections. This allows connections to any SSL server whose certificate is signed by a trusted, well-known certificate authority.

In the upper part of the app's app.config file, set the verify option to the path to a PEM file that provides the list of trusted certificate authorities for SSL verification when Orchestration & Automation is using trusted self-signed certificates. If you are not using a trusted certificate, set the verify parameter to False.
CAUTION:
Use verify=False with caution as this might allow untrusted endpoints to receive SSL requests from apps, without verifying the identity of the endpoint.
The following example shows the verify setting in an app.config file.
[Figure: example of verify option]
Note: The cafile setting in the [resilient] section of the app.config file, described below, is used for the same purpose as the verify setting, but for connecting to Orchestration & Automation rather than a third-party endpoint.

Configuring app settings for interaction with SOAR

The following table describes the values that can be included in this section. Most, if not all, settings are supplied when you install an app. If a parameter is not present, you can add it to the [resilient] section.

Parameter Description
log_level Level of log messages written to stdout and the logfile. Levels are: CRITICAL, ERROR, WARN, INFO (default), and DEBUG.
host Required. IP or hostname for the Orchestration & Automation application.
org Name of the Orchestration & Automation account. Required only if the user account is used with more than one Orchestration & Automation account.
api_key_id API key account for authenticating to the Orchestration & Automation application. The ID is a long string. This is required unless you are using a user account.
api_key_secret Secret for the API key account.
stomp_port Port number for STOMP. Default is 443.
stomp_timeout Time in seconds to wait for a connection to be established. This is useful for an Orchestration & Automation application that is experiencing delayed responsiveness. Default is 120.
componentsdir Path to directory containing additional Python modules. Typically this option is only used by app developers.
noload
Optional. Comma-separated list of:
  • Installed components that should not be loaded.
  • Module names in the componentsdir that should not be loaded.

Example: my_module, my_other_module, InstalledComponentX

proxy_host IP or hostname of the proxy to use for the STOMP connection. By default, no proxy is used.
proxy_port Port number of the proxy to use for the STOMP connection. By default, no proxy is used.
proxy_user User name for authentication to the proxy to use for the STOMP connection. If proxy_host is specified and proxy_user is not, it is assumed that no authentication is required.
proxy_password Password for authentication to the proxy to use for the STOMP connection. Used in conjunction with proxy_user.
cafile

Path and file name of the PEM file to use as the list of trusted Certificate Authorities for SSL verification when the Orchestration & Automation application is using untrusted self-signed certificates.

If not using a trusted certificate, cafile must be set to False.

If there is a PEM file, use a second instance of cafile set to True or False. If set to False, certificate verification is not performed and the PEM file is used. If set to True (default), only trusted certificates are allowed.

num_workers

Specifies the number of functions that can run concurrently per application. The range is 1 to 50, and the default is 10.

Setting the value too high can cause performance issues. Increase the value only when the app must wait several minutes to receive a message from its message destination.

client_auth_cert Path to the client-side certificate.

You need a client-side certificate when you use a reverse proxy or other security components to additionally secure the REST API of the Orchestration & Automation application with client certificate authentication. Set this parameter's value to the path to the client-side certificate.

client_auth_key Path to the associated private key to the client-side certificate. The Edge Gateway does not support combined certificate and private key files for client-side certificate authentication.
trap_exception When set to True, it does not stop a playbook when an app raises an exception error. Instead, it sends a status message and logs the error.

When set to False, an app's exception error stops the function or playbook.
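
A check that can be run over an app.config file to see, per section, whether certificates are verified against the default chain, verified against a custom PEM file, not verified at all, or pointed at a PEM file that does not exist. It covers both the verify option and the cafile parameter described above. This is an added example, not product code; the section names fn_example_app and fn_other_app, the host names, and the PEM path are constructed, and it assumes each app keeps its verify option in its own section.

```python
import configparser
import os

# Constructed sample app.config; app section names and paths are hypothetical.
SAMPLE_CONFIG = """
[resilient]
host=soar.example.com
api_key_id=<api-key-id>
api_key_secret=<api-key-secret>
cafile=False

[fn_example_app]
endpoint_url=https://thirdparty.example.com/api
verify=/etc/ssl/example/private-ca.pem

[fn_other_app]
endpoint_url=https://other.example.com/api
"""

def tls_option_for(section):
    # cafile governs the connection to SOAR, verify an app's third-party endpoint.
    return "cafile" if section == "resilient" else "verify"

def classify(value, path_exists=os.path.isfile):
    """Map a verify/cafile value to a (status, detail) pair."""
    if value is None or value.strip().lower() == "true":
        return ("default", "verified against the default CA chain")
    value = value.strip()
    if value.lower() == "false":
        return ("disabled", "certificate verification is skipped")
    if path_exists(value):
        return ("custom", "verified against PEM file " + value)
    return ("broken", "PEM file not found: " + value)

def audit(config_text, path_exists=os.path.isfile):
    # strict=False tolerates a repeated cafile line; this audit reads the last one.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(config_text)
    findings = {}
    for section in parser.sections():
        option = tls_option_for(section)
        value = parser.get(section, option, fallback=None)
        findings[section] = (option,) + classify(value, path_exists)
    return findings

if __name__ == "__main__":
    for section, (option, status, detail) in audit(SAMPLE_CONFIG).items():
        print(f"[{section}] {option}: {status} - {detail}")
```

Sections reported as disabled or broken are the ones to review first: the former skip identity checks on the endpoint, the latter reference a trust file that is missing from the host.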