SIEM API Timed out

Hello,

I integrated Sophos with QRadar using the API. It had been working until today, but now I'm seeing a timed out error.

We didn't make any changes in the firewall policies.

[root@invqrdraio bin]# python3 siem.py
Config endpoint=/siem/v1/events, filename='Sophos_Central.log' and format='cef'
URL: api1.central.sophos.com/.../events
Traceback (most recent call last):
File "/usr/lib64/python3.6/urllib/request.py", line 1349, in do_open
encode_chunked=req.has_header('Transfer-encoding'))
File "/usr/lib64/python3.6/http/client.py", line 1254, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1300, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1249, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1036, in _send_output
self.send(msg)
File "/usr/lib64/python3.6/http/client.py", line 974, in send
self.connect()
File "/usr/lib64/python3.6/http/client.py", line 1407, in connect
super().connect()
File "/usr/lib64/python3.6/http/client.py", line 946, in connect
(self.host,self.port), self.timeout, self.source_address)
File "/usr/lib64/python3.6/socket.py", line 724, in create_connection
raise err
File "/usr/lib64/python3.6/socket.py", line 713, in create_connection
sock.connect(sa)
TimeoutError: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "siem.py", line 413, in <module>
main()
File "siem.py", line 410, in main
run(options, config_data, state_data)
File "siem.py", line 402, in run
endpoint, options, config_data, state
File "siem.py", line 383, in get_alerts_or_events
write_cef_format(results)
File "siem.py", line 121, in write_cef_format
for i in results:
File "/usr/bin/api_client.py", line 319, in make_token_request
events = self.call_endpoint(token.url, default_headers, args)
File "/usr/bin/api_client.py", line 260, in call_endpoint
events_response = self.request_url(events_request_url, None, default_headers)
File "/usr/bin/api_client.py", line 196, in request_url
response = self.opener.open(request)
File "/usr/lib64/python3.6/urllib/request.py", line 526, in open
response = self._open(req, data)
File "/usr/lib64/python3.6/urllib/request.py", line 544, in _open
'_open', req)
File "/usr/lib64/python3.6/urllib/request.py", line 504, in _call_chain
result = func(*args)
File "/usr/lib64/python3.6/urllib/request.py", line 1392, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/lib64/python3.6/urllib/request.py", line 1351, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 110] Connection timed out>
[root@invqrdraio bin]#

  • The timeout error typically occurs when the route to the server is no longer working, or if there’s a caching server in between your system and the API you're trying to reach. 

    Could you try running the pre-built SIEM API query in this post to see if the error continues to be generated? This will help us determine if something needs to be adjusted in the query you're running.
    If the same error continues to persist, you may want to try connecting a test device to an unrestricted network to test again.
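
An added example, not part of the original thread and not Sophos's own code: the traceback above fails inside `sock.connect()` with Errno 110, which is the TCP connect stage, before TLS or any HTTP request. The sketch below probes DNS and TCP separately and reports any proxy settings urllib would pick up; the function names `classify` and `probe` are hypothetical, and the host name is the one shown in the traceback's URL line.

```python
import errno
import socket
import urllib.request

def classify(exc):
    """Map a socket-level exception to the stage and likely cause."""
    if isinstance(exc, socket.gaierror):
        return "dns_failure"
    if isinstance(exc, socket.timeout) or getattr(exc, "errno", None) == errno.ETIMEDOUT:
        return "tcp_timeout"   # SYN never answered: silent drop or broken route
    if isinstance(exc, ConnectionRefusedError):
        return "tcp_refused"   # path works, but the port is closed or rejected
    if getattr(exc, "errno", None) in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "no_route"
    return "other"

def probe(host, port=443, timeout=5.0):
    """Resolve host, then attempt a direct TCP connect to each resolved address."""
    # Proxy settings matter: urllib honours them, while this probe connects
    # directly, so a configured proxy must be tested as the target instead.
    report = {"proxies": urllib.request.getproxies(), "attempts": []}
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        report["dns"] = classify(exc)
        return report
    report["dns"] = "ok"
    for family, socktype, proto, _, sockaddr in infos:
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            result = "tcp_ok"
        except OSError as exc:
            result = classify(exc)
        finally:
            sock.close()
        report["attempts"].append((sockaddr[0], result))
    return report

if __name__ == "__main__":
    # Host taken from the URL line in the traceback above.
    print(probe("api1.central.sophos.com"))
```

A `tcp_timeout` on every resolved address points at packet filtering or routing between the collector and the API, while `tcp_ok` with the script still failing points at a proxy or TLS inspection layer.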