FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
nmathur
Staff
Article Id 195936
Description

Ingestion on QRadar version 1.5.0 or earlier fails with the following error:
CS-WF-8: The Jinja '{% if macro.QRadarLastOffensePullTime == '0' %}{{ (arrow.utcnow().timestamp) - (vars.Pull_Sample_Offense_in_Past_X_Minutes| int)  *60 }}{% else %} {{macro.QRadarLastOffensePullTime}}{% endif %}' threw an error: 'unsupported operand type(s) for -: 'method' and 'int''.


This failure can occur in the following scenarios:

  • Case 1. Users have already configured data ingestion on QRadar and then upgrade their FortiSOAR version.
  • Case 2. Users try to configure data ingestion for QRadar on FortiSOAR for the first time.

Important: This error occurs due to the latest updates in the Jinja framework, and the fix for this error will be available in QRadar from version 1.6.0 onward.


Solution
To resolve this issue, do the following:
  1. Open the FortiSOAR UI and navigate to the QRadar ingestion playbook collection: Connectors page > Data Ingestion > QRadar > Playbooks.
  2. Open the > IBM QRadar > Fetch playbook from the ingestion playbook collection.
  3. Edit the Set Time configuration step, replace the .timestamp string with .int_timestamp in two places as shown in the following screenshot, and save the playbook step.
  4. Similarly, edit the Calculate QRadar Epoch Time step, replace the .timestamp string with .int_timestamp in one place as shown in the following screenshot, and save the playbook step.
  5. Save the > IBM QRadar > Fetch playbook.
  6. Navigate to Connector > Data Ingestion > QRadar > Playbooks, and click the Setting button in the Action column in front of the QRadar connector to reconfigure the ingestion.
    Note: If you had already configured ingestion for QRadar and it was working prior to the upgrade, you do not need to perform step 6, because the next ingestion schedule will automatically execute the updated playbooks. However, if you were trying to configure ingestion for QRadar when you faced this issue, you need to perform step 6 and reconfigure the ingestion.

  7. If you are going to configure more ingestions on QRadar, do the following:
    1. Navigate to Playbooks and select the Sample - IBM QRadar - 1.5.0 collection.
    2. Perform steps 2 to 5 to update the > IBM QRadar > Fetch playbook in the sample collection, since this is the playbook that will be used for further ingestions on QRadar.
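
The following Python sketch is an added example, not FortiSOAR or QRadar connector code: it reproduces the 'method' and 'int' error from the Description with a stand-in class, then scans a playbook-like structure for Jinja expressions that still use the bare .timestamp attribute and shows the corrected text. The ArrowLike class, the find_stale helper, and the structure and key names of the constructed sample are assumptions made for illustration.

```python
import re

# Bare ".timestamp" attribute: not called as ".timestamp()" and not ".int_timestamp".
STALE = re.compile(r"\.timestamp\b(?!\s*\()")

class ArrowLike:
    """Stand-in, not the real arrow class: timestamp is a method and
    int_timestamp an int property, which is what the error text implies."""
    def __init__(self, epoch):
        self._epoch = epoch
    def timestamp(self):
        return float(self._epoch)
    @property
    def int_timestamp(self):
        return int(self._epoch)

def reproduce(minutes, epoch=1_700_000_000):
    """Return (TypeError text from the old expression, value of the fixed one)."""
    now = ArrowLike(epoch)
    try:
        now.timestamp - minutes * 60      # old form: bound method minus int
        error = None
    except TypeError as exc:
        error = str(exc)
    return error, now.int_timestamp - minutes * 60

def find_stale(node, path="$"):
    """Yield (path, corrected_text) for each string still using bare .timestamp."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_stale(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_stale(value, f"{path}[{index}]")
    elif isinstance(node, str) and STALE.search(node):
        yield path, STALE.sub(".int_timestamp", node)

# Constructed sample; the structure and key names are assumptions, not a real export.
SAMPLE = {"steps": [
    {"name": "Set Time", "arguments": {"pull_from":
        "{{ (arrow.utcnow().timestamp) - (vars.Pull_Sample_Offense_in_Past_X_Minutes | int) * 60 }}"}},
    {"name": "Calculate QRadar Epoch Time", "arguments": {"epoch":
        "{{ arrow.utcnow().int_timestamp * 1000 }}"}},   # already corrected
]}

if __name__ == "__main__":
    print(reproduce(5))
    for path, fixed in find_stale(SAMPLE):
        print(path, "->", fixed)
```

An empty result from find_stale over both the ingestion collection and the sample collection indicates that no step still contains the expression form that raises CS-WF-8.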
