IBM Security QRadar SOAR


CVE enrichment integration may fail when getting too many results, especially in vulnerable_configuration

  • 1.  CVE enrichment integration may fail when getting too many results, especially in vulnerable_configuration

    Posted Thu March 18, 2021 05:31 AM

    CVE enrichment integration may fail when getting too many results, especially in vulnerable_configuration.

    This is the part of the code modified in Post Process to get only the first 10 vulnerable_configuration entries of the list:

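        elif key_data == 'vulnerable_configuration':
            if value_data:
                cur = 0
                for vc_collection in value_data:
                    cur += 1
                    # Stop once the first 10 entries have been rendered so the
                    # script stays under the line-execution limit.
                    if cur > 10:
                        rich_text_tmp += "More exist on CVE Web Site"
                        break
                    if isinstance(vc_collection, dict):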

    Note: the original log of the error is:

    An error occurred while processing the action acknowledgement. 
    Additional information: Post-processing script for Function 'CVE Search' from Workflow 
    'Enrichment: CVE Lookup [Action:CVE]' was unable to complete because: Traceback (most 
    recent call last): File "<script>", line 39, in <module> None: Script timeout occurred 
    (expected a maximum of 50000 line executions)


    ------------------------------
    BENOIT ROSTAGNI
    ------------------------------


  • 2.  RE: CVE enrichment integration may fail when getting too many results, especially in vulnerable_configuration

    Posted Fri March 19, 2021 03:26 PM
    There should be a better way to limit the results, either with a passed max_count like this example or via some other filtering criteria, such as date_created.

    ------------------------------
    Mark Scherfling
    ------------------------------
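
The max_count idea from this thread, as an added stand-alone example (not code from either post and not the integration's own script): the work done is bounded by the cap rather than by the size of the list, and values are HTML-escaped before they go into rich text. The function name `render_capped`, the `<br>` separator, the flat dict shape of each entry and the sample data are assumptions made for illustration.

```python
from html import escape
from itertools import islice


def render_capped(entries, max_count=10):
    """Render at most max_count entries as rich-text lines.

    The loop runs max_count times at most, however long the list is, so
    a CVE with thousands of vulnerable_configuration entries cannot
    exhaust a line-execution budget.
    """
    if not entries:
        return ""
    lines = []
    for entry in islice(entries, max_count):
        if isinstance(entry, dict):
            # Assumed shape: a flat dict of scalar fields.
            text = ", ".join(
                "{}: {}".format(escape(str(key)), escape(str(value)))
                for key, value in sorted(entry.items())
            )
        else:
            # Plain string entries are rendered as-is (escaped).
            text = escape(str(entry))
        lines.append(text)
    remaining = len(entries) - len(lines)
    if remaining > 0:
        # Tell the analyst how much was left out instead of truncating silently.
        lines.append("{} more exist on CVE Web Site".format(remaining))
    return "<br>".join(lines)


# Constructed sample data, not real API output.
SAMPLE = [
    {"id": "cpe:2.3:a:example:product:1.%d" % i,
     "title": "Example <Product> 1.%d" % i}
    for i in range(25)
]

if __name__ == "__main__":
    print(render_capped(SAMPLE, max_count=10))
```
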