Upgrade EclecticIQ Intelligence Center Integration

Download and upgrade EclecticIQ Intelligence Center Integration for IBM QRadar SOAR to a newer version.

To download a newer version of the the app from the IBM X-Force App Exchange marketplace, and to install it in the target IBM QRadar SOAR instance to upgrade the app:

1. Log in to the IBM QRadar SOAR instance with the resadmin user.

2. Check if the resilient-circuits integration module is running:

   # Check by process name.
   ps -A | grep resilient
   
   # Alternatively, check by user owning the process.
   ps -u resadmin
   
   # Example response where the process (with PID) is listed as running.
   PID  TTY      TIME     CMD
   1842 pts/0    00:00:02 resilient-circu
   1946 ?        00:00:00 sshd
   1947 pts/1    00:00:00 bash
   

3. If it is running, stop it by pressing CTRL + C in the active terminal session where the resilient-circuits integration module is running.

   Alternatively, run kill or pkill to stop it:

   # Specify the PID of the process.
   kill -9 1842
   
   # Specify the process name or part of the name.
   pkill resilient-circuits
   

4. Remove the current installation of EclecticIQ Intelligence Center Integration for IBM QRadar SOAR before upgrading to a newer version:

   # 'x.x.x' is a placeholder representing the app release.
   # Example: 1.0.3
   rm -rf rc-cts-eclecticiq-x.x.x
   

5. Download the latest version of EclecticIQ Intelligence Center Integration for IBM QRadar SOAR from IBM X-Force App Exchange.

6. Save the archive to the /home/resadmin directory, and then decompress it:

   # Go to the '/home/resadmin' directory.
   cd /home/resadmin
   
   # Untar the downloaded archive.
   # 'x.x.x' is a placeholder representing the app release.
   # Example: 1.1.2
   tar -zxvf rc-cts-eclecticiq-x.x.x.tar.gz
   

7. In the /home/resadmin directory, run pip install to upgrade the app:

   # Upgrade the app.
   # 'x.x.x' is a placeholder representing the app release.
   # Example: 1.1.2
   sudo pip install -e rc-cts-eclecticiq-x.x.x
   

8. Open a terminal session, log in to IBM QRadar SOAR with SSH, and start the integration module:

   # Run this command to start the integration.
   resilient-circuits run
   
   # Successful response.
   resilient-circuits has started successfully and is now running...
   Subscribe to message destination 'eclecticiq_sighting'
   Subscribe to message destination actions.201.eclecticiq_sighting
   

Note

After creating a message destination and after starting the resilient-circuits integration module, IBM QRadar SOAR may return Java error messages, and it may fail to work correctly.

If this occurs, restart the IBM QRadar SOAR instance to solve the problem.