Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] Analyzers that take more than 10 Minutes run into timeout #1156

Closed
Tobrabo opened this issue Nov 4, 2019 · 3 comments
Closed

[Bug] Analyzers that take more than 10 Minutes run into timeout #1156

Tobrabo opened this issue Nov 4, 2019 · 3 comments
Assignees
Labels
Milestone

Comments

@Tobrabo
Copy link

Tobrabo commented Nov 4, 2019

We wrote some analyzers that take rather long to finisch (from minutes to several hours). They work and cortex shows their correct output once they are finished but TheHive waits only 10 minutes for them to finish and then shows and empty return field.

To Reproduce
run any analyzer that takes longer than 10 minutes.
For example calculate hash for a big image file or run yara over an entire mounted image.

Expected behavior
It should just wait for the analyzer to finish just as cortex does.

Work environment

  • Client OS: linux
  • Server OS: linux
  • Browse type and version: firefox 68
  • Cortex version: 3.0

Possible solutions
Where do you change the timeout? can you edit timeouts for individual analyzers?

@3c7 3c7 transferred this issue from TheHive-Project/Cortex-Analyzers Nov 4, 2019
@3c7
Copy link

3c7 commented Nov 4, 2019

To clarify:
The Analyzer completes successfully and Cortex displays the correct result. The real issue is TheHive running in some kind of timeout.

@3c7 3c7 added the bug label Nov 4, 2019
@KRUXLEX
Copy link

KRUXLEX commented Dec 6, 2019

I have the same bug. It's very annoying. I wait for fix it.
Workaround:
In cortex-> analyzer->global configuration set a job.cache on more time (In my case it's a 60min). Then when you analyze the same observer again, Then hive gets a analyze from the same observer from last hour.

Logical It's should work, but in my case technically don't work.

@maugertg
Copy link

maugertg commented Jan 3, 2020

I have this issue with an Analyzer I'm building as well. The Hive timeout is ~420 seconds (7 minutes). If you run an analyzer for 419 seconds The Hive will sometimes successfully fetch the results. At 420 seconds results will almost never be successfully fetched by The Hive.

I wrote a super basic analyzer that can reproduce the issue here:
https://github.com/maugertg/the-hive-delay-error

@To-om To-om self-assigned this Jan 23, 2020
@To-om To-om added this to the 3.4.1 milestone Jan 23, 2020
To-om added a commit that referenced this issue Mar 30, 2020
@To-om To-om closed this as completed Mar 30, 2020
To-om added a commit that referenced this issue Apr 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants