IBM Support

Error occurred trying to import Yara and Sigma rules from GitHub.com

Troubleshooting


Problem

Customers who use the Yara and Sigma Rule Manager app may encounter an error when they try to import the sample rules from GitHub.com.
These are the default GitHub URLs to import into the Yara and Sigma Rule Manager app:
https://github.com/IBM/qradar-sigma-app-samples
https://github.com/IBM/qradar-yara-app-samples

Symptom

You may see an error in the UI, as in the following screenshot:
[Screenshot: error displayed in the UI]

Cause

This can be caused by customer network environments where network administrators redirect URLs by using firewall or routing rules. This can happen to both on-premises and QRadar on Cloud (QRoC) customers.

Diagnosing The Problem

To confirm that this is the problem, use the Network tab of the web browser developer tools to verify the request URL. In this example, the URL to the GitHub samples was redirected from this:
https://github.com/IBM/qradar-sigma-app-samples/contents
to this:
https://api.github.com/repos/IBM/qradar-sigma-app-samples/contents
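
The same check can be run over a saved capture instead of reading the Network tab by eye. The following is an added example, not IBM's or the app's own code: it scans a HAR export from the browser developer tools for redirected requests to the two sample repositories. The HAR excerpt, the 302 status and the function name are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Default sample-rule repositories listed on this page.
SAMPLE_REPOS = (
    "https://github.com/IBM/qradar-sigma-app-samples",
    "https://github.com/IBM/qradar-yara-app-samples",
)

def find_redirects(har_text, repos=SAMPLE_REPOS):
    """Return one dict per 3xx response to a request under a sample repo URL."""
    hits = []
    for entry in json.loads(har_text)["log"]["entries"]:
        url = entry["request"]["url"]
        resp = entry["response"]
        if not any(url == r or url.startswith(r + "/") for r in repos):
            continue
        if not 300 <= resp.get("status", 0) < 400:
            continue
        # HAR 1.2 stores the target in redirectURL; fall back to the Location header.
        target = resp.get("redirectURL") or next(
            (h["value"] for h in resp.get("headers", [])
             if h["name"].lower() == "location"), "")
        hits.append({
            "requested": url,
            "status": resp["status"],
            "target": target,
            "host_changed": urlsplit(url).hostname != urlsplit(target).hostname,
        })
    return hits

# Constructed HAR excerpt (not a real capture); the 302 status is an assumption.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": SAMPLE_REPOS[0] + "/contents"},
     "response": {"status": 302, "redirectURL":
                  "https://api.github.com/repos/IBM/qradar-sigma-app-samples/contents",
                  "headers": []}},
    {"request": {"url": SAMPLE_REPOS[1] + "/contents"},
     "response": {"status": 200, "redirectURL": "", "headers": []}},
]}})

if __name__ == "__main__":
    for hit in find_redirects(SAMPLE_HAR):
        print(f'{hit["requested"]} -> {hit["status"]} -> {hit["target"]}'
              f' (host changed: {hit["host_changed"]})')
```

Passing the resulting list of requested and target URLs to the firewall administrator identifies exactly which rewrite to look for.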

Resolving The Problem

To resolve the problem, ask your firewall administrator to prevent the URL from being redirected.

Document Location

Worldwide

Document Information

Modified date:
12 March 2024

UID

ibm17118417