FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
Andy_G
Staff
Description
If your playbooks fail, then you can use the Executed Playbook Logs to debug the playbook issues. You can access the playbook execution history by clicking the Executed Playbook Logs icon in the top-right corner of the FortiSOAR™ screen or by clicking Automation > Playbooks > Execution History.



Solution

Common playbook errors

This section covers some of the common playbook errors that you can face while executing a playbook.


Error Message
Resolution
CS-WF-1: This step is referencing a non-existent playbook <playbook_iri>. Please link an existing playbook by editing the step and selecting a playbook from the list
Check the step that contains the reference playbook, and select a playbook from the existing playbook list, thereby ensuring that this step is referencing an existing playbook.
CS-WF-2: Either the playbook is invalid or the playbook's start step is not linked to any other step
Add appropriate steps to the playbook for the playbook to be executed. An example of this would be a playbook with just a trigger step and no subsequent step.
CS-WF-3: Invalid format of value for for_each loop <variable>. The error is <error_in_variable>
Correct the step loop syntax. An example of this would be a Jinja for loop over a non-existent variable.
CS-WF-4: The step name '<step_name>' was not found. Used in the Jinja template: '<jinja>'
Check the spelling of the step name and ensure that the step exists.
CS-WF-5: Inappropriate use of Jinja key: 'no filter named 'values' in Jinja template '{{vars.request.data | values}}'
Correct the Jinja template, for example "{{ vars.request.data | values }}", used in the playbook.
CS-WF-6: Invalid Jinja syntax: '<jinja>' gives the error 'unexpected '}
Correct the Jinja syntax. An example of this would be forgetting to add Jinja curly braces in the step loop definition.
CS-WF-7: Invalid Jinja template: '{{vars.input.records[0]}}' gives the error 'dict object' has no attribute 'records'
This error occurs when a playbook step is accessing the index of a null value. For example, {{vars.input.records[0]}} on records = null.
Validate the parsed parameter that is used to execute the playbook. An example of this would be if
CS-WF-8: The Jinja '{<jinja_expression>}' threw an error: '{<error_message>}'
Validate the evaluated Jinja syntax and input parameters. This error is a runtime error in a Jinja expression.
CS-WF-9: The time limit set for playbook execution in config.ini file (CELERYD_TASK_SOFT_TIME_LIMIT) has been exceeded.
This is a Playbook Engine Timeout error.
Optimise the playbook or increase the playbook execution time in the config.ini file.
To increase the playbook execution time:
File Location: /opt/cyops-workflow/sealab/sealab/config.ini
Parameters: CELERYD_TASK_SOFT_TIME_LIMIT (CELERYD_TASK_TIME_LIMIT must always be greater than CELERYD_TASK_SOFT_TIME_LIMIT)
Increase the value, in seconds, of the CELERYD_TASK_SOFT_TIME_LIMIT parameter.
After you have changed the value of the CELERYD_TASK_SOFT_TIME_LIMIT parameter, restart the celeryd service using the following command:
systemctl restart celeryd
CS-WF-10: Either the Step IRI or the Condition is not set in one of the given conditions
Provide the condition or the missing Step IRI that fulfills the given decision step conditions.
CS-WF-11: Child playbook is inactive. Activate the referenced playbook <playbook_name>
This error occurs when, in a reference playbook step, you have referred to an inactive playbook. Change the state of the referenced playbook to Active.
CS-WF-12: Invalid inputs provided for remote playbook step :: tenant id missing
This error occurs in case of a remote reference playbook step.
Specify the Tenant ID or validate the Tenant ID that you have specified in the remote reference playbook step.
CS-WF-13: Invalid Playbook. Playbook should always be DAG, Directed Acyclic Graph
This issue occurs if the playbook has a cyclic structure.
Check the paths that you have defined in the playbook and ensure that your playbook does not have a cyclic structure.
CS-WF-14: Could not resolve URL/IRI: <url/iri>
Check the Jinja expression that you have used; specifically, check that the IRI or URL that you have specified is correct and reachable before you use it. An example of this would be that you have specified an incorrect URL or IRI in a picklist.
CS-WF-15: <module_name> ' <record_name> ' does not exists in <module_name>s.
Check that you have specified the right name to find the record in the database, or ensure that the record that you are trying to find is present in the database before you use it. An example of this would be that you have specified data that cannot be retrieved from the database in a picklist.
CS-WF-29: Error occurred while cleaning up the workflow logs ERROR :: <error_message>..
Check that the date that you have specified for purging the log is valid and also check that the time format of the request is valid.
CS-WF-31: Error occurred while configuring proxy settings\n ERROR :: <error_message>.
Check the proxy settings that you are trying to configure and take the appropriate action based on the error message.
CS-WF-32: Error occurred while establishing RabbitMQ connection\n ERROR <error_message>.
Check the configuration settings and the credentials that you specified while creating the RabbitMQ connection.
SQLSTATE22001: Indicates that you are entering a value of length greater than the max_length supported by a field. You can look for fields that have a length constraint in the module editor and either reduce the size of data in the field or increase the length and publish.
Check fields that have length constraints in the module editor and then either reduce the size of data in the field or increase the length specified in the module editor and publish the module.
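
For CS-WF-9, the resolution above requires CELERYD_TASK_TIME_LIMIT to stay greater than CELERYD_TASK_SOFT_TIME_LIMIT after the edit. The following pre-restart check is an added example, not Fortinet's code; the [celery] section name and the sample values are constructed assumptions, and the check scans every section so it does not depend on that name.

```python
import configparser

SOFT = "CELERYD_TASK_SOFT_TIME_LIMIT"
HARD = "CELERYD_TASK_TIME_LIMIT"

# Constructed sample contents; the [celery] section name and the values are assumptions.
SAMPLE_BAD = "[celery]\nCELERYD_TASK_SOFT_TIME_LIMIT = 3600\nCELERYD_TASK_TIME_LIMIT = 1800\n"
SAMPLE_GOOD = "[celery]\nCELERYD_TASK_SOFT_TIME_LIMIT = 3600\nCELERYD_TASK_TIME_LIMIT = 3700\n"


def check_time_limits(ini_text):
    """Return a list of problems; an empty list means the two limits are consistent."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep option names exactly as written in the file
    parser.read_string(ini_text)

    limits, problems = {}, []
    for name in (SOFT, HARD):
        # Look in every section (DEFAULT included) so no section name is hard-coded.
        hits = [(sec, parser[sec][name]) for sec in parser if name in parser[sec]]
        if not hits:
            problems.append(f"{name} is not set")
            continue
        section, raw = hits[-1]
        try:
            value = int(raw.strip())
        except ValueError:
            problems.append(f"[{section}] {name} = {raw!r} is not a whole number of seconds")
            continue
        if value <= 0:
            problems.append(f"[{section}] {name} = {value} must be positive")
            continue
        limits[name] = value

    # The hard limit must be strictly greater than the soft limit.
    if len(limits) == 2 and limits[HARD] <= limits[SOFT]:
        problems.append(
            f"{HARD} ({limits[HARD]}) must be greater than {SOFT} ({limits[SOFT]})"
        )
    return problems


if __name__ == "__main__":
    # On an appliance, pass the text of /opt/cyops-workflow/sealab/sealab/config.ini instead.
    for label, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_time_limits(text) or "OK: safe to restart celeryd")
```

Run the check on the edited file's contents and restart celeryd only when it returns an empty list.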



Common connector framework errors

This section covers some of the common connector framework errors that you can face while executing a playbook.

Error Message
Resolution
CS-INTEGRATION-1: Invalid inputs :: Invalid or no file was uploaded
This issue occurs when the connector import API is called without the associated connector .tgz file. Check whether the API call contains connector .tgz file in the API body.
CS-INTEGRATION-2: Error occurred while importing config from previous version connector ERROR :: <error_message>
Check whether all the FortiSOAR™ services are up and connector database exists with the correct schema when you are importing the connector configuration from a previous version of the connector.
CS-INTEGRATION-3: Error occurred while import connector <connector _name> ERROR:: <error_message>
Check if you are trying to import a connector configuration of a connector that already exists on your FortiSOAR™ instance with same version installed. Also, if you are importing the connector using a .tgz file, ensure that the file uploaded is in correct format. For further debugging check the error message. 
CS-INTEGRATION-4: The connector is either deactivated or could not be loaded. Ensure that the connector is installed and active.
This issue occurs if any operation of the connector is called and the connector is in an "Inactive" state. Therefore, activate the connector and ensure that the status of the connector is set to "Available".
CS-INTEGRATION-5: Error occurred while executing the connector action ERROR :: <error_message>
Check the error message to understand which connector and then correspondingly which operation of the connector has caused the error. Take corrective action within the specific connector and on the operation that was called based on the error message. It is also possible that you have not configured some parameter that is required for the operation to work OR some required configuration is missing for the connector.

Common IMAP connector errors

This section covers some of the common IMAP connector issues when you are configuring the connector or when you are executing the connector step in a playbook.  

Error Message
Resolution
CS-IMAP-1: Socket Binding on '0.0.0.0::10010 ' failed with Error :: <error>
Check that the port on the specified host is enabled and not used for any other process.
Note: CS-IMAP-1, CS-IMAP-4, CS-IMAP-5, CS-IMAP-14, and CS-IMAP-15 errors occur when you are configuring the IMAP connector (new version or new installation), or when you are activating or deactivating the connector, or when you are checking the health of the connector with the Enable Email Notification Service option checked.
CS-IMAP-4: Notification Service already running for server imap.gmail.com:993 and user demo@gmail.com
Check the username, host, port, or source folder that you have specified, since this error occurs when a configuration with the same username, host, port, or source folder already exists for the email notification service. Therefore, you need to change the parameter (which currently exists) or delete the previous configuration.
CS-IMAP-5: Exception occurred while creating or starting notification service
Check that you have specified correct configuration parameters. For more information on the error, check the log file located at: /var/log/cyops/cyops-integrations/imap/listener.log. Then deactivate and then activate the connector.
CS-IMAP-6: Notification service terminated unexpectedly for username <username>
This error occurs when an unexpected error occurs while the email notification service is running.
Deactivate the connector, restart the uwsgi service, and again activate the connector. For more information on the error, check the log file located at: /var/log/cyops/cyops-integrations/imap/listener.log.
CS-IMAP-7: Retrying <number> time... Exception occurred while starting IMAP Idle mode. Exception :: <error>}
Validate the parsed parameter that is used to execute the playbook.
CS-IMAP-8: Error occurred while starting IMAP Idle mode for username ' <username> ' ERROR :: <error>
This error occurs when the connection between the IMAP connector and the mailbox server fails. This issue occurs after the IMAP connector has tried 10 times to connect to the mailbox server using the IMAP idle mode.
Deactivate the connector, restart the uwsgi service, and again activate the connector. For more information on the error, check the log file located at: /var/log/cyops/cyops-integrations/imap/listener.log.
CS-IMAP-9: Error occurred in notification service while listening mailbox ERROR :: <error>
This error occurs when an undefined or suspicious response is received from the mailbox.
Check the health of the IMAP connector and ensure that it is in the Available state for the configuration. If the connector is not in an Available state, deactivate and then activate the connector.
CS-IMAP-12: Notification Service not running for server <host>:<port> user <username>. Deactivate and activate the connector to restart the listeners
This error occurs when the email notification service is stopped because of some exception or error.
Deactivate the connector, restart the uwsgi service, and again activate the connector. For more information on the error, check the log file located at: /var/log/cyops/cyops-integrations/imap/listener.log.
CS-IMAP-13: Notification Service is already stopped for server <host>:<port> and user <username>
This error occurs when you try to stop an already stopped email notification service.
Deactivate the connector, restart the uwsgi service, and again activate the connector. For more information on the error, check the log file located at: /var/log/cyops/cyops-integrations/imap/listener.log.
CS-IMAP-14: Error while authenticating the mailbox. Invalid Username or Password
Check the username and password that you have provided for the mailbox, and ensure that they are correct.
CS-IMAP-15: Error in bringing up notification service
Check the notification service script for errors. The notification service script is located at: /opt/cyops-connector-imap/imap_push_notification. Run the notification service script individually in the workflow Python environment, and then check whether lsof is installed properly. If lsof is not installed properly, install it by running the yum install lsof command.
CS-IMAP-16: Notification service is down. Deactivate and activate the connector to restart the service
This error occurs when you try to stop the email notification service with the listener that is already in an inactive state.
Deactivate the connector, restart the uwsgi service, and again activate the connector. For more information on the error, check the log file located at: /var/log/cyops/cyops-integrations/imap/listener.log.
CS-IMAP-18: Exception occurred while logging out the IMAP client. ERROR :: <error>
This error occurs when you are logging out the user from the mailbox server on deactivating the connector or when you are deleting or updating the configuration.
This occurs when there is a timeout or unexpected termination of the connection between the mailbox server and the IMAP connector, or the client has been unused for a long time. Ensure that the connection between the mailbox server and the IMAP connector is established.
CS-IMAP-19: Exception occured while creating the the IMAP client for username <username>. Please check the 'Use TLS' and 'Verify SSL' option
Check whether the mail server that you are using supports self-signed certificates for SSL verification. Try clearing the Verify SSL checkbox.

Common Utilities connector errors

This section covers some of the common Utilities connector issues when you are configuring the connector or when you are executing the connector step in a playbook. For more information on various errors, see the log file located at: /var/log/cyops/cyops-integrations/connectors.log.

Error
Resolution
CS-CONNECTOR-UTILITY-1: Invalid input :: cannot be blank or null
Check that the parameter that you have specified in any action of the connector is of a valid data type and not blank.
CS-CONNECTOR-UTILITY-2: Invalid input :: <param_name> Given value <param_value> has type mismatch expecting <required_type> actual <give_param_type>
Check that the parameter that you have specified in any action of the connector is of a valid data type and that the specified parameter matches the required type that is mentioned in the error message.
CS-CONNECTOR-UTILITY-3: Invalid input :: Given filename/filepath <filename/filepath> doesn't exists
Check that the filename/filepath that you have specified as a parameter in any action of the connector is valid and exists on the specified path, and that you have the right permission to access the specified file/filepath.
CS-CONNECTOR-UTILITY-4: Failed to verify the server certificate
This error occurs when an API call is made and the authentication fails.
Ensure the SSL certificate is valid or try making the API call without SSL verification.
CS-CONNECTOR-UTILITY-6: Invalid input :: JSON provided it should be a valid json string or dict.
Check that you are providing a valid JSON in the "Utils: Patch JSON" action.
CS-CONNECTOR-UTILITY-8: Error occurred while parsing the headers received by request call
Check that the file to be downloaded is not corrupt and that you have specified all valid parameters when you are executing any operation which downloads the file from any server. This error is displayed when the action fails to parse the headers.
CS-CONNECTOR-UTILITY-9: Error occurred while traversing the file <filepath>
Check that the filepath/filename that you have specified exists in the /tmp directory when you are executing any action that uploads files or creates the attachment.
CS-CONNECTOR-UTILITY-10: Error occurred in extracting or rendering the indicators in extract artifact action.
Check that you have specified all required parameters and that all the parameters are valid when you are executing the "FSR: Extract Artifacts from String" action.
CS-CONNECTOR-UTILITY-11: Invalid timestamp format, expected format:: "yyyy-MM-dd'T'HH:mm:ss.SSS
Check that the time that you have specified for computing the difference is in the required timestamp format when you are executing the "Utils: Compute Time Difference" action.
CS-CONNECTOR-UTILITY-13: Fields:{0} did not match the resource object
Check that you have specified the fields and their values in the resource parameter of the Upsert action when you are executing the "FSR: Upsert Record" action.
CS-CONNECTOR-UTILITY-14: Fields:{0} did not match the model metadata schema for module {1}
Check that the fields that you have specified in the Upsert action are of the required module when you are executing the "FSR: Upsert Record" action.
CS-CONNECTOR-UTILITY-15: Querying with fields resulted in multiple records, hence cannot be updated
Check that you specify a unique record IRI in the Upsert action when you are executing the "FSR: Upsert Record" action.
CS-CONNECTOR-UTILITY-16: No model metadata available for module: <module_name>
Check that you have specified a valid and available module in the Upsert action when you are executing the "FSR: Upsert Record" action.
CS-CONNECTOR-UTILITY-17: Invalid time specified the key <year/years' OR month/months OR week/weeks etc> is missing
Check that you have specified a valid time string with all the required values (e.g.: year, month, minute etc) and also check for the key that is displayed in the error message when you are executing the "Utils: Convert String Time to Minutes" action.
CS-CONNECTOR-UTILITY-18: Invalid JWT token provided while accessing CyOPs by the Basic auth method
Check that the credentials that you have provided are valid or try other methods for authentication.
CS-CONNECTOR-UTILITY-19: Invalid input :: Given filename/filepath {0} already exists
Check that the target filepath/filename that you have specified does not already exist in the /tmp directory when you are executing the "File: Zip and Password Protect" OR "File: Unzip File" actions.
CS-CONNECTOR-UTILITY-20: Error Occurred while unzipping the file Error :: File is encrypted, password required for extraction
If the file that you want to unzip is a password-protected file, then you must provide the password in the "File: Unzip" action.


