Remote Agent Connection Validation

Hi,

We've installed a remote agent successfully via docker. However, when testing the integration from the SOAR console, it appears there's a timeout connection error (see below). In the 'Remote Agents' settings page, the agent status is 'Live' with an up-to-date timestamp.

What commands can be performed on the host to verify connection requirements?

The site documentation does not provide much information on how to troubleshoot other issues besides the agent deployment. (Troubleshooting  |  Google Security Operations  |  Google Cloud)


----------------- Main - Started -----------------
General error performing action ActiveDirectory - Ping. Error: Error: socket connection error while opening: [Errno 110] Connection timed out
Error: socket connection error while opening: [Errno 110] Connection timed out
Traceback (most recent call last):
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/Tasks/Task-RUN_ACTION-1875282 [Action: Ping]/ActiveDirectoryManager.py", line 173, in __init__
    self.conn = Connection(
                ^^^^^^^^^^^
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/lib/python3.11/site-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/lib/python3.11/site-packages/ldap3/core/connection.py", line 387, in _do_auto_bind
    self.open(read_server_info=False)
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/lib/python3.11/site-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/lib/python3.11/site-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket connection error while opening: [Errno 110] Connection timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/Tasks/Task-RUN_ACTION-1875282 [Action: Ping]/Ping.py", line 73, in main
    manager = ActiveDirectoryManager(
              ^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/SiemplifyAgent/Integrations/ActiveDirectory_V37.0/Tasks/Task-RUN_ACTION-1875282 [Action: Ping]/ActiveDirectoryManager.py", line 179, in __init__
    raise ActiveDirectoryManagerError(f"Error: {e}")
ActiveDirectoryManager.ActiveDirectoryManagerError: Error: socket connection error while opening: [Errno 110] Connection timed out

 

4 REPLIES

/var/log/SiemplifyAgent
/opt/SiemplifyAgent/Logs
  • Healthy logs should look like:

    • /opt/SiemplifyAgent/Logs/siemplify_agent.log

      2023-09-22 09:19:22,994 - agent - DEBUG - Checking for stop signal
      2023-09-22 09:19:22,994 - agent - DEBUG - Sending keep alive package
      2023-09-22 09:19:22,994 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/agents/keepalive/ (MASTER)
      2023-09-22 09:19:23,180 - agent - DEBUG - Agent-3bb8768e-2bda-4a2a-b7f7-7322737bfb83: Fetching new tasks
      2023-09-22 09:19:23,180 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/tasks (MASTER)
      2023-09-22 09:19:26,530 - agent - DEBUG - Checking for stop signal
      2023-09-22 09:19:26,530 - agent - DEBUG - Sending keep alive package
      2023-09-22 09:19:26,530 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/agents/keepalive/ (MASTER)
      
    • /var/log/SiemplifyAgent/agent.log

      2023-09-22 09:19:22,994 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/agents/keepalive/ (MASTER)
      2023-09-22 09:19:23,180 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/tasks (MASTER)
      2023-09-22 09:19:26,530 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/agents/keepalive/ (MASTER)
      2023-09-22 09:19:26,712 - agent - INFO - Request to https://deployment.siemplify-soar.com/pub/api/tasks (MASTER)

Check docker container status by running docker container ps -a; the status should look like Up 25 minutes (healthy).

Some things you can test for connectivity:

  • You can test connectivity to your SOAR endpoints by running the curl command on the docker host
  • Make sure IPv4 forwarding is enabled on the docker host by running sysctl net.ipv4.ip_forward; it should return 1 for enabled
  • Check if the HTTP port is open by running a telnet to your SOAR instance

I suspect your Agent does not have network access to the AD server. This could be a VLAN issue, firewall issue, routing issue, or maybe the wrong target IP?

I would personally use packet capture: a) can you see a SYN leaving the remote agent to the AD server? b) do you see a SYN ACK, etc.?

Yes, a simple curl to that AD device as well.

tcpdump as Andy says.
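
Added example, not part of any reply in this thread and not code from the agent or the integration: a small Python probe that repeats only the TCP connect step that ldap3 fails on in the traceback above, and reports whether the result is a silent drop (the Errno 110 case), an active refusal, a routing gap or a name-resolution failure. The names `probe`, `classify` and `HINTS` are made up for this example, and the default ports 389/636 are the standard LDAP/LDAPS ports, assumed because the thread does not say which port the integration is configured with.

```python
import errno
import socket
import sys

# What each outcome says about the path between this host/container and the AD server.
HINTS = {
    "open": "TCP handshake completed; the network path to this port is fine",
    "timeout": "no SYN-ACK came back: firewall drop, VLAN/routing gap or wrong target IP",
    "refused": "host answered with RST: reachable, but nothing listens on that port",
    "unreachable": "no route from this network namespace to the target",
    "dns": "the server name does not resolve from here",
}

def classify(exc):
    """Map the exception raised by a connect attempt (or None) to an outcome key."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, (TimeoutError, socket.timeout)) or exc.errno == errno.ETIMEDOUT:
        return "timeout"  # same condition as "[Errno 110] Connection timed out"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "other"

def probe(host, port, timeout=5.0):
    """Attempt a single TCP connect and return the outcome key."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <ad-server> [port ...]")
    target = sys.argv[1]
    # Assumption: default to the standard LDAP (389) and LDAPS (636) ports.
    ports = [int(p) for p in sys.argv[2:]] or [389, 636]
    for port in ports:
        outcome = probe(target, port)
        print(f"{target}:{port} -> {outcome}: {HINTS.get(outcome, 'unexpected socket error')}")
```

Run it once on the docker host and once inside the agent container: a "timeout" from both points at the firewall, VLAN or target-IP causes raised above, while "open" on the host and "timeout" in the container points at container networking such as the IPv4 forwarding setting.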