QRadar Discovery error (Poll_Request message not Supported)

Question

QRadar Discovery error (Poll_Request message not Supported)

okandunay opened this issue 4 years ago · 7 comments

Hello everyone,
I don't know how right it is to bring the subject here, but I urgently need to find the error

The error I get is:
[WARNING] {'level': 'warning', 'timestamp': '2020-08-23T18:13:45.369029Z', 'event': 'Message not supported', 'message_version': 'urn:taxii.mitre.org:message:xml:1.1', 'service_id': u'discovery_a', 'logger': 'opentaxii.taxii.services.discovery.DiscoveryService', 'message_type': 'Poll_Request', 'message_id': '56bbc7af-1405-473a-95d8-240aae9c737a'}

[WARNING] {'exception': 'Traceback (most recent call last):\n File "/source/taxii-server/venv/lib/python2.7/site-packages/flask/app.py", line 1950, in full_dispatch_request\n rv = self.dispatch_request()\n File "/source/taxii-server/venv/lib/python2.7/site-packages/flask/app.py", line 1936, in dispatch_request\n return self.view_functionsrule.endpoint\n File "/source/taxii-server/opentaxii/middleware.py", line 76, in wrapper\n return _process_with_service(service)\n File "/source/taxii-server/opentaxii/middleware.py", line 154, in _process_with_service\n response_message = service.process(request.headers, taxii_message)\n File "/source/taxii-server/opentaxii/taxii/services/abstract.py", line 82, in process\n handler = self.get_message_handler(message)\n File "/source/taxii-server/opentaxii/taxii/services/abstract.py", line 112, in get_message_handler\n in_response_to=message.message_id)\n File "/source/taxii-server/opentaxii/taxii/exceptions.py", line 50, in raise_failure\n tb=tb)\n File "/source/taxii-server/opentaxii/taxii/services/abstract.py", line 103, in get_message_handler\n return self.handlers[message.message_type]\nFailureStatus: 'Poll_Request'', 'level': 'warning', 'timestamp': '2020-08-23T18:13:45.370111Z', 'logger': 'opentaxii.middleware', 'event': 'Status exception'}

help?

Answer 1 · 2020-08-25T09:25:15.000Z

@okandunay it seems OpenTAXII receives Poll Request message at Discovery Service endpoint:

{
  "level": "warning",
  "timestamp": "2020-08-23T18:13:45.369029Z",
  "event": "Message not supported",
  "message_version": "urn:taxii.mitre.org:message:xml:1.1",
  "service_id": "discovery_a",
  "logger": "opentaxii.taxii.services.discovery.DiscoveryService",
  "message_type": "Poll_Request",
  "message_id": "56bbc7af-1405-473a-95d8-240aae9c737a"
}

as you see Discovery Service discovery_a received message of type Poll_Request

Check your configuration

Answer 2 · 2020-08-25T09:40:48.000Z

thanks for the answer @traut , But this request comes from Qradar where should I check in config

Answer 3 · 2020-08-26T13:44:02.000Z

@okandunay I suspect that's somewhere inside Qradar. Unfortunately, I have no experience with it, so can't help with exact configuration steps.

Answer 4 · 2020-08-28T07:59:49.000Z

this is a big problem for me and I cannot progress on the project. I will treat you to a meal if they share any guiding content with knowledge :)

Answer 5 · 2021-01-11T19:45:09.000Z

@okandunay are you using this guide for your setup?

Answer 6 · 2021-03-03T17:01:35.000Z

The issue is closed because it is not a problem related to OpenTAXII itself. The issue could be open again if additional information is provided to justify it is a OpenTAXII bug. A reproducible way to create the bug is of course welcome.

Answer 7 · 2021-11-18T04:13:02.000Z

I have same issue. I dont know problem is client or server ?