Configuring a proxy for threat feeds
You might need to route traffic through a proxy if you route through a proxy to access
websvc.resilientsystems.com
or a threat feed that is hosted externally and you use
the resutil threaserviceedit
command.
Enter the following commands to configure a proxy for threat feed
access.
sudo resutil configset -key proxyhost -svalue PROXYSERVER
sudo resutil configset -key proxyport -ivalue PROXYPORT
If a username and password is needed, then run the following
command.
sudo resutil configset -key proxyuser -svalue PROXYUSER
sudo resutil keyvaultset -name proxy -stdin
<Password for proxy>
EOF(Ctrl+D)
You can test that the password was
applied.
sudo resutil keyvaultget -name proxy
After you run the commands, you need to restart the SOAR Platform.
sudo systemctl restart resilient
You can run the following command to check whether a proxy is already
configured.
sudo resutil configget -key proxyhost
sudo resutil configget -key proxyport
When you set the proxy host value, you might not need to add HTTP:// to the beginning of the IP address or FQHN of your proxy. The SOAR Platform by default uses HTTP to connect to your proxy.
If you need to disable the proxy setting, use the following
commands.
sudo resutil configset --delete -key proxyhost
sudo resutil configset --delete -key proxyport
sudo resutil configset --delete -key proxyuser
After, restart the SOAR Platform.
sudo systemctl restart resilient