- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-25-2024 07:19 PM
I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration.
It had been working nicely in the playbook for months, but has begun to misbehave.
In the playbook, images are extracted from a phishing email and stored in XSOAR, and the IDs of the images are fed through
04-02-2024 04:41 PM
I have an update on this.
After reconfiguring the integration to run on an engine, and setting up tcpdump to monitor all connections to the four publicly listed IP addresses of api.qrserver.com, I can see traffic between the engine and the API server if I submit a single Entry_ID
If I submit more than one Entry_ID, the engine server doesn't even try to connect to the API server.
So something in the Integration has broken such that it does not attempt to contact the API server in the event that more than one Entry_ID is supplied. But this worked perfectly earlier in the year.
04-09-2024 02:30 PM
Hi @Mattern
Thanks for reaching out to us about this topic. Can you please answer the following questions?
- Have you recently applied an update/fix to your XSOAR environment?
- Which is the current version of XSOAR and GoQR.me QR Code Reader integration? (can you please refer us to the version/scenario where the integration ran as expected?)
- If you submit more than one Entry_ID and it stops working as expected, it is probable that the automation code will require some update to process other IDs again. As a workaround (if any update was installed for the integration), you should try rolling back to the version that was working previously.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!