Troubleshooting a Resilient App

There are several ways to verify the successful operation of a function. You can also use these methods to troubleshoot a problem with your Resilient app.

Resilient is designed to help your security team respond faster to threats within your system. Its various functions send data to external code or applications for the purpose of integration work.

There are several ways to verify that a given function ran successfully and to investigate potential issues. Below, we list several methods for troubleshooting problems with your Resilient app.

Resilient Action Status

When viewing an incident, use the Actions menu to view Action Status. By default, "pending" and "errors" are displayed.

Modify the filter for "actions" to also show Completed actions. Clicking on an action displays additional information on the progress made or what error occurred.

Resilient Scripting Log

A separate log file is available to review scripting errors.

This is useful when issues occur in the pre-processing or post-processing scripts. The default location for this log file is: /var/log/resilient-scripting/resilient-scripting.log

Resilient Logs

By default, Resilient logs are retained at /usr/share/co3/logs. The client.log file may contain additional information about the execution of functions, so check it when investigating a problem.

Resilient-Circuits

The log location is set in the .resilient/app.config file, in the [resilient] section, by the logdir property. The default file name is app.log. Each function writes progress information to this log. Failures show up as errors and may include Python tracebacks.
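
As an added example (not part of the original post and not Resilient's own code), the following Python resolves the app.log path from the logdir property in [resilient] and groups each error record with the traceback lines that follow it. The timestamp-then-level record layout, the function names, and the sample config and log lines are constructed assumptions.

```python
import configparser
import re
from pathlib import Path

# Assumption: every record starts "YYYY-MM-DD HH:MM:SS,mmm LEVEL "; adjust to your log format.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (\w+) ")

def app_log_path(config_text, default_dir="."):
    """Resolve app.log from the logdir property in the [resilient] section."""
    # interpolation=None: treat '%' in values (e.g. passwords) literally
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    logdir = parser.get("resilient", "logdir", fallback=default_dir)
    return Path(logdir).expanduser() / "app.log"

def error_records(lines):
    """Return each ERROR/CRITICAL record together with its traceback lines."""
    records, current = [], None
    for line in lines:
        line = line.rstrip("\n")
        match = RECORD_START.match(line)
        if match:  # a new record begins; keep it only if it is an error
            current = [line] if match.group(1) in ("ERROR", "CRITICAL") else None
            if current is not None:
                records.append(current)
        elif current is not None:  # continuation line, e.g. part of a traceback
            current.append(line)
    return records

# Constructed sample input (not real Resilient output).
SAMPLE_CONFIG = "[resilient]\nlogdir=/tmp/circuits-logs\n"
SAMPLE_LOG = """\
2024-01-01 10:00:00,101 INFO [example] starting fn_example
2024-01-01 10:00:01,202 ERROR [example] fn_example failed
Traceback (most recent call last):
  File "fn_example.py", line 12, in run
    value = int(raw)
ValueError: invalid literal for int() with base 10: 'n/a'
2024-01-01 10:00:02,303 INFO [example] starting fn_other
2024-01-01 10:00:03,404 ERROR [example] fn_other timed out
"""

if __name__ == "__main__":
    print("log file:", app_log_path(SAMPLE_CONFIG))
    for record in error_records(SAMPLE_LOG.splitlines()):
        print("\n".join(record), end="\n\n")
```

To run it against a live system, pass the contents of .resilient/app.config to app_log_path and the opened log file to error_records.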

If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organization, please send a note to connect@metronlabs.com.