Troubleshooting a Resilient App
There are several ways to verify the successful operation of a function. You can also use these ways to troubleshoot a problem with your Resilient app.
Resilient is designed to help your security team respond faster to threats within your system. Its various functions send data to external code or applications for the purpose of integration work.
There are several ways to verify that a given function ran successfully and to investigate potential issues. In the post below, we've listed several methods of troubleshooting problems within your Resilient app.
When viewing an incident, use the Actions menu to view Action Status. By default, "pending" and "errors" are displayed.
Modify the filter for "actions" to also show Completed actions. Clicking on an action displays additional information on the progress made or what error occurred.
A separate log file is available to review scripting errors.
This is useful when issues occur in the pre-processing or post-processing scripts. The default location for this log file is: /var/log/resilient-scripting/resilient-scripting.log
By default, Resilient logs are retained at /usr/share/co3/logs. The client.log may contain additional information regarding the execution of functions, so check it as well.
The location of the app's own log is set in the .resilient/app.config file, under the section [resilient], by the property logdir. The default file name is app.log. Each function writes progress information to this log. Failures show up as errors and may contain Python tracebacks.
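One way to act on the paragraph above, as an added example that is not part of the original post or of Resilient's own code: resolve the log file from the [resilient] section and pull out each error together with its Python traceback. The logfile key, the log line layout, and all sample values (host, logdir path, fn_example) are assumptions constructed for illustration.

```python
import configparser
import re
from pathlib import Path

# Constructed sample input; host, logdir and fn_example are placeholders.
SAMPLE_CONFIG = """\
[resilient]
host=resilient.example.com
logdir=/var/log/resilient-circuits
"""
SAMPLE_LOG = """\
2024-05-01 10:15:02,113 INFO [component] fn_example started
2024-05-01 10:15:03,530 ERROR [component] fn_example failed
Traceback (most recent call last):
  File "fn_example.py", line 42, in _fn_example_function
    raise ValueError("missing artifact_value")
ValueError: missing artifact_value
2024-05-01 10:15:04,001 INFO [component] fn_example finished
"""

# Assumed line layout: "<date> <time> <LEVEL> [<module>] <message>"
LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ (?P<level>[A-Z]+) ")

def log_path(config_text):
    """Resolve the log file from the [resilient] section of app.config."""
    # interpolation=None: a '%' in a stored value must not be expanded.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    section = cfg["resilient"]
    # logdir is the property the page names; logfile is an assumed override.
    return Path(section.get("logdir", ".")) / section.get("logfile", "app.log")

def failures(lines):
    """Return ERROR/CRITICAL records, each with its traceback lines attached."""
    records, current = [], None
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE.match(line)
        if m:
            # A new timestamped line closes any record being collected.
            current = None
            if m.group("level") in ("ERROR", "CRITICAL"):
                current = {"header": line, "trace": []}
                records.append(current)
        elif current is not None and line.strip():
            # Lines without a timestamp continue the open error record.
            current["trace"].append(line)
    return records

if __name__ == "__main__":
    print(log_path(SAMPLE_CONFIG))
    for rec in failures(SAMPLE_LOG.splitlines()):
        print(rec["header"], *rec["trace"], sep="\n")
```

To run it against a real deployment, pass the text of .resilient/app.config to log_path and the opened log file to failures.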
If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organization, please send a note to connect@metronlabs.com.