IBM Support

QRadar: How to enable DNS resolution for Custom Action Scripts

How To


Summary

This article provides information on how to configure DNS resolution for custom action scripts.

Objective

This document can help you configure hostnames instead of IP address of systems present in your QRadar® for Custom Action Scripts. Adding hostnames can be useful for:
-Custom Action Scripts
-API Calls 

Steps

  1. Log in to the QRadar Console on the command-line interface.
  2. Run the following command to back up your existing resolv.conf file:
    cp -v /opt/qradar/bin/ca_jail/etc/resolv.conf /root/resolv.conf
  3. To add the Domain Name and associated IP address to this file, make note of the format, and run the following command:
    echo "Domain_Name 127.0.0.1" >> /opt/qradar/bin/ca_jail/etc/resolv.conf
    The new definition is added to the end of the file. Make sure you have two > characters, or you overwrite the file. If this happens, copy the original file back from step 2.
  4. Perform a Full Deploy from the QRadar GUI.
Results:
After the deployment, the config change is complete. The administrators can repeat this process for any other hosts.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwthAAA","label":"Offenses"},{"code":"a8m0z000000cwtmAAA","label":"Reports"}],"ARM Case Number":"TS008298804","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
08 March 2022

UID

ibm16552876