Troubleshooting a Resilient App
There are several ways to verify the successful operation of a function. You can also use these ways to troubleshoot a problem with your Resilient app.
Resilient is designed to help your security team respond faster to threats within your system. Its various functions send data to external code or applications for the purpose of integration work.
Below, we've listed several methods for verifying that a given function ran successfully and for investigating potential issues within your Resilient app.
When viewing an incident, use the Actions menu to view Action Status. By default, "pending" and "errors" are displayed.
Modify the filter for "actions" to also show Completed actions. Clicking on an action displays additional information on the progress made or what error occurred.
A separate log file is available to review scripting errors.
This is useful when issues occur in the pre-processing or post-processing scripts. The default location for this log file is: /var/log/resilient-scripting/resilient-scripting.log
By default, Resilient logs are retained at /usr/share/co3/logs. The client.log file there may contain additional information regarding the execution of functions, so be sure to check it.
The location of the app log is controlled in the .resilient/app.config file, under the [resilient] section, by the logdir property. The default file name is app.log. Each function writes progress information to it. Failures show up as errors and may contain Python trace statements.
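One way to pull the failures out of that log, as an added example (not code from the original post or from the Resilient project): it reads logdir from the [resilient] section of app.config, then groups each error line with the trace lines that follow it. The log line layout, the sample entries and the name fn_example are constructed assumptions; adjust ENTRY_START to match your log format.

```python
import configparser
import re
import tempfile
from pathlib import Path

# Assumption: each entry starts "<date> <time> LEVEL ..."; other lines continue it.
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ (?P<level>[A-Z]+) ")

def resolve_app_log(config_path, log_name="app.log"):
    """Build the log path from logdir under [resilient] in app.config."""
    cfg = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    if not cfg.read(config_path):
        raise FileNotFoundError(config_path)
    logdir = cfg.get("resilient", "logdir")  # raises if section/property is absent
    return Path(logdir).expanduser() / log_name

def error_entries(lines):
    """Return each ERROR/CRITICAL entry together with its trace lines."""
    entries, current = [], None
    for line in lines:
        m = ENTRY_START.match(line)
        if m:  # a new entry begins: flush the one being collected
            if current:
                entries.append(current)
            current = [line] if m["level"] in ("ERROR", "CRITICAL") else None
        elif current is not None:
            current.append(line)  # continuation line, e.g. part of a traceback
    if current:
        entries.append(current)
    return entries

# Constructed sample log; fn_example is a hypothetical function name.
SAMPLE_LOG = """\
2024-01-01 10:00:00,000 INFO [fn_example] started
2024-01-01 10:00:01,000 ERROR [fn_example] function failed
Traceback (most recent call last):
  File "fn_example.py", line 12, in run
ValueError: missing input
2024-01-01 10:00:02,000 INFO [fn_example] finished
"""

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp) / "app.config"
        conf.write_text(f"[resilient]\nlogdir={tmp}\n")
        log_path = resolve_app_log(conf)
        log_path.write_text(SAMPLE_LOG)
        return log_path.name, error_entries(log_path.read_text().splitlines())
```

Because app.config also holds connection credentials, the helper reads only the logdir property and never prints other values from the file.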
If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organization, please send a note to connect@metronlabs.com.