Resilient IRP Integrations Create WebEx Meeting Function Guide Web Ex
User Manual:
Open the PDF directly: View PDF 
.
Page Count: 7
| Download | |
| Open PDF In Browser | View PDF |
Incident Response Platform Integrations Create WebEx Meeting Function V1.0.1 Release Date: July 2018 Resilient Functions simplify development of integrations by wrapping each activity into an individual workflow component. These components can be easily installed, then used and combined in Resilient workflows. The Resilient platform sends data to the function component that performs an activity then returns the results to the workflow. The results can be acted upon by scripts, rules, and workflow decision points to dynamically orchestrate the security incident response activities. This guide describes the Create WebEx Meeting Function. Overview This Resilient Function package provides a function fn_create_webex_meeting that takes in a meeting name, a meeting agenda, and a meeting password which it uses to create a Cisco WebEx meeting returning the host url and the attendee url. Included in the package is one example workflow that use the fn_create_webex_meeting function: - Example: Create WebEx Meeting: Incident The workflow calls fn_create_webex_meeting to create a meeting for the incident using the name and description from the incident and puts the meeting details in the incident notes section. Also included in the package is an example rule for calling the workflow from an incident. Licensed Materials – Property of IBM © Copyright IBM Corp. 2010, 2018. All Rights Reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Installation Before installing, verify that your environment meets the following prerequisites: • Resilient platform is version 30 or later. • You have a Resilient account to use for the integrations. This can be any account that has the permission to view and modify administrator and customization settings, and read and update incidents. You need to know the account username and password. • You have access to the command line of the Resilient appliance, which hosts the Resilient platform; or to a separate integration server where you will deploy and run the functions code. If using a separate integration server, you must install Python version 2.7.10 or later, or version 3.6 or later, and “pip”. (The Resilient appliance is preconfigured with a suitable version of Python.) Install the Python components The functions package contains Python components that are called by the Resilient platform to execute the functions during your workflows. These components run in the Resilient Circuits integration framework. The package also includes Resilient customizations that will be imported into the platform later. Complete the following steps to install the Python components: 1. Ensure that the environment is up-to-date, as follows: sudo pip install --upgrade pip sudo pip install --upgrade setuptools sudo pip install --upgrade resilient-circuits 2. Run the following command to install the package: sudo pip install --upgrade fn_create_webex_meeting-1.0.0.zip Configure the Python components The Resilient Circuits components run as an unprivileged user, typically named integration. If you do not already have an integration user configured on your appliance, create it now. Complete the following steps to configure and run the integration: 1. Using sudo, switch to the integration user, as follows: sudo su - integration 2. Use one of the following commands to create or update the resilient-circuits configuration file. Use –c for new environments or –u for existing environments. resilient-circuits config -c or resilient-circuits config -u 3. Edit the resilient-circuits configuration file, as follows: a. In the [resilient] section, ensure that you provide all the information required to connect to the Resilient platform. b. In the [create_webex_meeting] section, edit the settings as follows: webex_email=webex_password= webex_site=<subdomain, i.e abc> Page 2 webex_site_url=<entire url, i.e abc.webex.com> webex_timezone=GMT<timezone offset from GMT, i.e -04:00, if GMT-00:00, just use GMT with no timezone offset> # use these as an alternative to webex_site (i.e. developer sandbox) #webex_site_id= #webex_partner_id= Deploy customizations to the Resilient platform This Resilient Function package provides a function fn_create_webex_meeting, an example workflow that invokes the fn_create_webex_meeting function, a message destination, and a rule for creating the fn_create_webex_meeting menu item. 1. Use the following command to deploy these customizations to the Resilient platform: resilient-circuits customize 2. Respond to the prompts to deploy functions, message destinations, workflows and rules. Run the integration framework To test the integration package before running it in a production environment, you must run the integration manually with the following command: resilient-circuits run The resilient-circuits command starts, loads its components, and continues to run until interrupted. If it stops immediately with an error message, check your configuration values and retry. Configure Resilient Circuits for restart For normal operation, Resilient Circuits must run continuously. The recommend way to do this is to configure it to automatically run at startup. On a Red Hat appliance, this is done using a systemd unit file such as the one below. You may need to change the paths to your working directory and app.config. 1. The unit file must be named resilient_circuits.service To create the file, enter the following command: sudo vi /etc/systemd/system/resilient_circuits.service 2. Add the following contents to the file and change as necessary: [Unit] Description=Resilient-Circuits Service After=resilient.service Requires=resilient.service [Service] Type=simple User=integration WorkingDirectory=/home/integration ExecStart=/usr/local/bin/resilient-circuits run Restart=always TimeoutSec=10 Environment=APP_CONFIG_FILE=/home/integration/.resilient/app.config Page 3 Environment=APP_LOCK_FILE=/home/integration/.resilient/resilient_circuits. lock [Install] WantedBy=multi-user.target 3. Ensure that the service unit file is correctly permissioned, as follows: sudo chmod 664 /etc/systemd/system/resilient_circuits.service 4. Use the systemctl command to manually start, stop, restart and return status on the service: sudo systemctl resilient_circuits [start|stop|restart|status] You can view log files for systemd and the resilient-circuits service using the journalctl command, as follows: sudo journalctl -u resilient_circuits --since "2 hours ago" Function Descriptions Once the function package deploys the function(s), you can view them in the Resilient platform Functions tab, as shown below. The package also includes example workflows and rules that show how the functions can be used. You can copy and modify these workflows and rules for your own needs. fn_create_webex_meeting: Create WebEx Meeting The Resilient Function fn_create_webex_meeting takes a meeting name, a meeting agenda, a meeting password, and meeting times which it uses to create a Cisco WebEx meeting returning the host url and the attendee url. A user may want to use fn_create_webex_meeting to create a meeting for incidents, artifacts, or tasks, in order to organize completion. Page 4 Example: Create WebEx Meeting: Incident The incident name and the incident description are passed into the example workflow in the preprocessor script. The screenshot below shows the example workflow with an incident as input and the postprocessor script that retrieves the host url and attendee url from the fn_create_webex_meeting function and adds them to a note associated with the incident. Page 5 Troubleshooting There are several ways to verify the successful operation of a function. • Resilient Action Status When viewing an incident, use the Actions menu to view Action Status. By default, pending and errors are displayed. Modify the filter for actions to also show Completed actions. Clicking on an action displays additional information on the progress made or what error occurred. • Resilient Scripting Log A separate log file is available to review scripting errors. This is useful when issues occur in the pre-processing or post-processing scripts. The default location for this log file is: /var/log/resilient-scripting/resilient-scripting.log. • Resilient Logs Page 6 By default, Resilient logs are retained at /usr/share/co3/logs. The client.log may contain additional information regarding the execution of functions. • Resilient-Circuits The log is controlled in the .resilient/app.config file under the section [resilient] and the property logdir. The default file name is app.log. Each function will create progress information. Failures will show up as errors and may contain python trace statements. Support For additional support, contact support@resilientsystems.com. Including relevant information from the log files will help us resolve your issue. Page 7 </pre><hr>Source Exif Data: <br /><pre>File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.7 Linearized : No Page Count : 7 Language : en-US Tagged PDF : Yes XMP Toolkit : 3.1-701 Title : Resilient IRP Integrations Create WebEx Meeting Function Guide Creator : IBM Resilient Creator Tool : Microsoft Word Create Date : 2018:10:25 18:15:11+00:00 Modify Date : 2018:10:25 18:15:11+00:00 Document ID : uuid:0852579D-B57F-4274-B340-387A2129CCCB Instance ID : uuid:0852579D-B57F-4274-B340-387A2129CCCB Author : IBM Resilient </pre> <small>EXIF Metadata provided by <a href="https://exif.tools/">EXIF.tools</a></small> <div id="ezoic-pub-ad-placeholder-110"> <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- usermanual link ad --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-0545639743190253" data-ad-slot="6172135303" data-ad-format="link"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> <div id="catlinks" class="catlinks catlinks-allhidden" data-mw="interface"></div> <div class="visualClear"></div> </div> </div> <div id="mw-navigation"> <h2>Navigation menu</h2> <div id="mw-head"> <div id="p-personal" role="navigation" class="" aria-labelledby="p-personal-label"> <!-- <div id="p-search" role="search"> <form action="https://usermanual.wiki/search.php" id="searchform"> <div id="simpleSearch"> <input type="search" name="search" placeholder="Search UserManual.wiki" title="Search UserManual.wiki [ctrl-option-f]" accesskey="f" id="searchInput" tabindex="1" autocomplete="off"><input type="hidden" value="Special:Search" name="title"><input type="submit" name="go" value="Go" title="Find a User Manual" id="searchButton" class="searchButton"> </div> </form> </div>--> <ul> <li id="pt-mycontris"><a href="https://usermanual.wiki/upload" title="Upload User Manual" accesskey="y">Upload a User Manual</a></li> </ul> </div> <div id="left-navigation"> <div id="p-namespaces" role="navigation" class="vectorTabs" aria-labelledby="p-namespaces-label"> <h3 id="p-namespaces-label">Versions of this User Manual:</h3> <ul> <li id="ca-nstab-main"><span><a href="https://usermanual.wiki/Document/Resilient20Integrations20Create20WebEx20Meeting20Function20Guide.127120550" title="User Manual Wiki" accesskey="c">Wiki Guide</a></span></li> <li id="ca-nstab-main"><span><a href="https://usermanual.wiki/Document/Resilient20Integrations20Create20WebEx20Meeting20Function20Guide.127120550/pdf" title="PDF" accesskey="c">PDF</a></span></li> <li id="ca-nstab-main"><span><a href="https://usermanual.wiki/Document/Resilient20Integrations20Create20WebEx20Meeting20Function20Guide.127120550/html" title="HTML" accesskey="c">HTML</a></span></li> <li id="ca-nstab-main"><span><a href="https://usermanual.wiki/Document/Resilient20Integrations20Create20WebEx20Meeting20Function20Guide.127120550/amp" title="Mobile AMP" accesskey="c">Mobile</a></span></li> <li id="ca-nstab-main" class="selected" ><span><a href="https://usermanual.wiki/Document/Resilient20Integrations20Create20WebEx20Meeting20Function20Guide.127120550/help" title="Discussion / FAQ / Help" accesskey="c">Download & Help</a></span></li> </ul> </div> </div> <div id="right-navigation"> <div id="p-views" role="navigation" class="vectorTabs" aria-labelledby="p-views-label"> <h3 id="p-views-label">Views</h3> <ul> <li id="ca-view"><span><a href="#">User Manual</a></span></li> <li class="selected" id="ca-edit"><span><a href="https://usermanual.wiki/Document/Resilient20Integrations20Create20WebEx20Meeting20Function20Guide.127120550/help" title="Ask a question" accesskey="e">Discussion / Help</a></span></li> </ul> </div> </div> </div> <div id="mw-panel"> <div id="p-logo" role="banner"><a class="mw-wiki-logo" href="https://usermanual.wiki/Main_Page" title="Visit the main page"></a></div> <div class="portal" role="navigation" id="p-navigation" aria-labelledby="p-navigation-label"> <h3 id="p-navigation-label">Navigation</h3> </div> <div class="portal" role="navigation" id="p-tb" aria-labelledby="p-tb-label"> </div> </div> </div> <div id="footer" role="contentinfo"> <ul id="footer-info"> <li id="footer-info-lastmod">© 2025 UserManual.wiki</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://usermanual.wiki/ContactUs" title="UserManual.wiki:Contact Us">Contact Us</a></li> <li id="footer-places-about"><a href="https://usermanual.wiki/DMCA" title="UserManual.wiki:DMCA">DMCA</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-poweredbyico"> </li> </ul> </div> </div></body></html> <script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" data-cf-settings="f6fc98188b1ef119e2fb389a-|49" defer></script>