
SIEM API in QRadar


I'm using the SIEM API in QRadar, and it works when I run the command manually, but when I configure a crontab with the command "*/10 * * * * python3 /root/Sophos-Central-SIEM-Integration-master/siem.py" it does not work.

If I run the command from a different directory than the one where the siem.py file is located, I see this error:

[root@invqrdraio log]# python3 /root/Sophos-Central-SIEM-Integration-master/siem.py -c
Usage: siem.py [options]

siem.py: error: -c option requires 1 argument
[root@invqrdraio log]# python3 /root/Sophos-Central-SIEM-Integration-master/siem.py
Traceback (most recent call last):
  File "/usr/lib64/python3.6/configparser.py", line 1138, in _unify_values
    sectiondict = self._sections[section]
KeyError: 'login'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/Sophos-Central-SIEM-Integration-master/siem.py", line 413, in <module>
  File "/root/Sophos-Central-SIEM-Integration-master/siem.py", line 408, in main
    config_data = load_config(options.config)
  File "/root/Sophos-Central-SIEM-Integration-master/siem.py", line 352, in load_config
    cfg.format = cfg.format.lower()
  File "/root/Sophos-Central-SIEM-Integration-master/config.py", line 28, in __getattr__
    return self.config.get("login", name)
  File "/usr/lib64/python3.6/configparser.py", line 781, in get
    d = self._unify_values(section, vars)
  File "/usr/lib64/python3.6/configparser.py", line 1141, in _unify_values
    raise NoSectionError(section)
configparser.NoSectionError: No section: 'login'
[root@invqrdraio log]#
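
A minimal reproduction of the failure in the traceback, as an added example that is not part of the original post or of the Sophos script: `ConfigParser.read()` silently skips a file it cannot find, so if the config path is relative (an assumption here) and the job starts in another working directory, as cron jobs do, the parser stays empty and the first `get("login", ...)` raises `NoSectionError`. The file name `config.ini`, the helper names and the sample config are assumptions; only the `login` section and the `format` option come from the traceback.

```python
import configparser
import os
import tempfile


def naive_get(config_path, option):
    """Failing pattern: read() then get('login', ...) with no existence check."""
    cfg = configparser.ConfigParser()
    cfg.read(config_path)  # silently skips files it cannot find
    return cfg.get("login", option)


def robust_get(config_path, option, base_dir):
    """Resolve a relative path against base_dir and fail loudly if unreadable.

    In a real script base_dir would be os.path.dirname(os.path.abspath(__file__)).
    """
    if not os.path.isabs(config_path):
        config_path = os.path.join(base_dir, config_path)
    cfg = configparser.ConfigParser()
    if not cfg.read(config_path):  # read() returns the list of files it parsed
        raise FileNotFoundError("config file not readable: " + config_path)
    return cfg.get("login", option)


def demo():
    """Run both loaders from a working directory that lacks the config file."""
    start = os.getcwd()
    with tempfile.TemporaryDirectory() as script_dir, \
            tempfile.TemporaryDirectory() as other_dir:
        # Constructed sample config (file name and value are assumptions).
        with open(os.path.join(script_dir, "config.ini"), "w") as fh:
            fh.write("[login]\nformat = JSON\n")
        os.chdir(other_dir)  # like cron: not the script's own directory
        try:
            try:
                naive = naive_get("config.ini", "format")
            except configparser.NoSectionError as exc:
                naive = str(exc)
            robust = robust_get("config.ini", "format", script_dir)
        finally:
            os.chdir(start)
    return naive, robust


if __name__ == "__main__":
    print(demo())
```

Because the naive pattern fails only at the first lookup, a scheduled collector can stop forwarding events without any obvious signal, so the job's stderr should be captured and an alert set on missing data in the SIEM.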