Bug in native playbook 'QRadarFullSearch'


L1 Bithead

Hello,

XSOAR's native playbook named 'QRadarFullSearch' has a task called 'Get QRadar search results'. Every time we run this task, it fails with the following error log:

Failed to execute qradar-get-search-results command.
Error:
Traceback (most recent call last):
File "<string>", line 15863, in main
File "<string>", line 14390, in qradar_search_results_get_command
File "<string>", line 12178, in search_results_get
File "<string>", line 11998, in http_request
File "<string>", line 9173, in _http_request
File "<string>", line 12041, in qradar_error_handler
DemistoException: Error in API call [404] - 404
The search "3ffa6801-025a-4e74-a63d-c0d916b57d93" is still being processed. Results are not yet available.

After some investigation, we found out that the problem is related to the task 'Is search completed?', which basically consists of the following logic (see attachment for evidence):

QRadar.Search.Status Equals (String) COMPLETED

Somehow, this comparison is returning TRUE under the following condition (see attachment for evidence):

Label: yes, Condition: [EXECUTE Equals COMPLETED]

This is causing the playbook to retrieve the results of a search that is in an 'EXECUTE' status, and therefore causing the failure of the playbook.

Could you please check this internally?

Regards.
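
An added example, not part of the original post and not the playbook's or the integration's own code: a status gate that requests results only when the status is exactly COMPLETED, so a search still in EXECUTE is polled again instead of triggering the 404 shown above. `FakeQRadar`, `is_completed` and `wait_for_results` are hypothetical names, the sample data is constructed, and the statuses other than EXECUTE and COMPLETED are assumed from the QRadar Ariel search API.

```python
import time

# Only EXECUTE and COMPLETED appear in the post; the other state names are
# an assumption based on the QRadar Ariel search API.
IN_PROGRESS = {"WAIT", "EXECUTE", "SORTING"}
FAILED = {"CANCELED", "ERROR"}


class SearchNotReady(Exception):
    """Raised when results are requested before the search has completed."""


class FakeQRadar:
    """Constructed stand-in for the QRadar API (hypothetical, runs offline)."""

    def __init__(self, statuses):
        self._statuses = list(statuses)
        self.status = None

    def get_status(self, search_id):
        # Each poll advances one step, then stays on the last state.
        self.status = self._statuses.pop(0) if self._statuses else self.status
        return self.status

    def get_results(self, search_id):
        if self.status != "COMPLETED":
            # Mirrors the 404 "still being processed" error from the post.
            raise SearchNotReady(f'The search "{search_id}" is still being processed.')
        return {"events": [{"sourceip": "192.0.2.10"}]}  # constructed sample


def is_completed(status):
    """Strict gate: a list, None or any other string is never 'completed'."""
    return isinstance(status, str) and status == "COMPLETED"


def wait_for_results(client, search_id, interval=0.0, max_polls=10):
    """Poll until COMPLETED, then fetch; never fetch on an in-progress status."""
    for _ in range(max_polls):
        status = client.get_status(search_id)
        if is_completed(status):
            return client.get_results(search_id)
        if status in FAILED:
            raise RuntimeError(f"search {search_id} ended in {status}")
        if status not in IN_PROGRESS:
            raise ValueError(f"unexpected status {status!r}")
        time.sleep(interval)
    raise TimeoutError(f"search {search_id} not completed after {max_polls} polls")
```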

1 REPLY

L2 Linker

@adocasar

From what you are describing, this looks like an issue with our QRadarFullSearch out-of-the-box playbook, part of the QRadar Content Pack.

Please open up a support case with our support team and someone will be assisting you with this problem.

Thank you.
