[Enhancement] Improve search performance by using external index engine #1731

To-om · 2021-01-05T12:51:41Z

Request Type

Enhancement

Description

Currently, TheHive4 suffers from a performance problem. The reason is that TheHive uses basic index mechanism (embedded in JanusGraph). This indexes are simple to use and to manage but they have limitations: they support only equality lookups and cannot be used for sort. In TheHive, almost all lists (list of cases, list of alerts, ...) are sorted. This implies a scan of all the elements of the list, which have a heavy performance impact (especially if the list is long).

In order to solve this issue, TheHive 4.1 will come with a new index engine.

If TheHive4 is used in a cluster mode (more than one server that run TheHive), all servers must connect to common index engine (which can be in a cluster mode or not). In this case a new component must be installed for index management. For this kind of architecture, an Elasticsearch will be used as index engine. In contrary of the use of Elasticsearch in TheHive3, in TheHive4 it will use Elasticsearch only for indexes (it wont store data). Once this new component is installed, it must be configured on all TheHive nodes (in application.conf).

db.janusgraph {
  storage { ... }
  index.search {
    backend = elasticsearch
    hostname = ["es1.local", "es2.local"] // IP or hostname of elasticsearch nodes
    index-name = thehive
  }
}

If you use TheHive4 in a single server mode, you can use Elasticsearch or a file based index engine (Lucene). The latter solution has less infrastructure impact (no component to install) and only requires configuration that indicate where index data is stored in the filesystem. The platform administrator must ensure that there is enough space to hold data.

db.janusgraph {
  storage { ... }
  index.search {
    backend = lucene
    directory = /opt/thehive/index
  }
}

If the indices are not yet installed, TheHive indexes all data at startup. This could be a long process, depending on the volume of data.

The text was updated successfully, but these errors were encountered:

cugu · 2021-01-22T10:12:17Z

Will this also speed up insertion / creation of cases?

To-om · 2021-03-05T16:58:08Z

@cugu No, indexes only speed up data retrieval, not modification

To-om added enhancement TheHive4 TheHive4 related issues labels Jan 5, 2021

To-om added this to the 4.1.0 milestone Jan 5, 2021

To-om self-assigned this Jan 5, 2021

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Wrap graph to include database instance

4e3e544

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Database initialisation refactoring

36b82a1

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Property refactoring

94b17d4

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Optimize alert queries for the use of the index

a5ef7e6

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Optimize audit queries for the use of the index

480d81e

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Optimize case queries for the use of the index

3991fd0

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Optimize observable queries for the use of the index

8a376e5

To-om added a commit that referenced this issue Jan 5, 2021

#1731 Update database schema

21bba42

To-om added a commit that referenced this issue Jan 21, 2021

#1731 Rename waitingTask query to waitingTasks

4e2ce32

To-om added a commit that referenced this issue Jan 21, 2021

#1731 Optimise visible operation

0bfdab8

To-om added a commit that referenced this issue Jan 21, 2021

#1731 Add name to query

ee1107a

To-om added a commit that referenced this issue Jan 21, 2021

#1731 Add myTasks query

a6db468

To-om added a commit that referenced this issue Jan 21, 2021

#1731 Use index in queries

bfa77ad

To-om added a commit that referenced this issue Jan 21, 2021

#1731 Reformat code

2607903

To-om added a commit that referenced this issue Jan 22, 2021

#1731 Update migration tool for TheHive 3.5

01524dc

To-om added a commit that referenced this issue Jan 22, 2021

#1731 Fix duplication checks

03632c3

To-om added a commit that referenced this issue Jan 23, 2021

#1731 Fix dependence injection

62050db

To-om added a commit that referenced this issue Jan 27, 2021

#1731 Fix dependence injection (bis)

d9cd63f

To-om added a commit that referenced this issue Jan 27, 2021

#1731 Use implicit parameter for FieldsParser in Query

d58d3e7

To-om added a commit that referenced this issue Jan 27, 2021

#1731 Fix type in update

cee616f

To-om added a commit that referenced this issue Jan 27, 2021

#1731 Add index for tags

f048c7a

To-om added a commit that referenced this issue Jan 28, 2021

#1731 Use implicit parameter for filter property

68dc6cd

To-om added a commit that referenced this issue Jan 28, 2021

#1731 Use implicit parameter for FieldsParser in initial query

656b645

To-om added a commit that referenced this issue Jan 28, 2021

#1731 Remove warnings

5331e4c

To-om added a commit that referenced this issue Jan 28, 2021

#1731 Refactor tag autocomplete to fix visibility

64e50f1

To-om added a commit that referenced this issue Feb 9, 2021

#1731 Index refactoring

f9db070

To-om added a commit that referenced this issue Feb 12, 2021

#1731 Add API for index status

61e66e6

To-om added a commit that referenced this issue Feb 15, 2021

#1731 Fix organisationId mapping

e46498b

To-om added a commit that referenced this issue Feb 15, 2021

#1731 Add checks

4c75dfa

To-om added a commit that referenced this issue Feb 15, 2021

#1731 Fix parent/child query in Cortex

a323f48

To-om added a commit that referenced this issue Feb 16, 2021

#1731 Accept missing values in sorts

c78dcbb

To-om added a commit that referenced this issue Feb 17, 2021

#1731 Fix share filter

02e6ef7

To-om added a commit that referenced this issue Mar 1, 2021

#1731 Fix some tests

8183457

To-om added a commit that referenced this issue Mar 1, 2021

#1731 Fix freetag colour configuration

1948c63

To-om added a commit that referenced this issue Mar 1, 2021

#1731 Fix taxonomy filter

616d079

To-om added a commit that referenced this issue Mar 1, 2021

#1731 Fix taxonomy filter

7411e64

To-om added a commit that referenced this issue Mar 2, 2021

#1731 Fix test compilation error

bf47a7a

To-om added a commit that referenced this issue Mar 2, 2021

#1731 Fix cast error on string filters

323b6d6

To-om added a commit that referenced this issue Mar 3, 2021

#1731 Fix most tests

520cf25

To-om added a commit that referenced this issue Mar 3, 2021

#1731 Fix most tests

6dfcb2a

To-om added a commit that referenced this issue Mar 4, 2021

#1731 Fix managePlatform permission

cc49281

To-om added a commit that referenced this issue Mar 5, 2021

#1731 Exclude tasks from case template in waitingTasks query

777902a

nadouani closed this as completed Mar 8, 2021

To-om added a commit that referenced this issue Mar 9, 2021

#1731 Fix tags in case template during migration

7c1922f

To-om added a commit that referenced this issue Mar 9, 2021

#1731 Fix value on audit when a property is updated

8f2664d

To-om added a commit that referenced this issue Mar 18, 2021

#1731 Fix MISP synchronisation

08062a9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Enhancement] Improve search performance by using external index engine #1731

[Enhancement] Improve search performance by using external index engine #1731

To-om commented Jan 5, 2021 •

edited by nadouani

Loading

cugu commented Jan 22, 2021

To-om commented Mar 5, 2021

[Enhancement] Improve search performance by using external index engine #1731

[Enhancement] Improve search performance by using external index engine #1731

Comments

To-om commented Jan 5, 2021 • edited by nadouani Loading

Request Type

Description

cugu commented Jan 22, 2021

To-om commented Mar 5, 2021

To-om commented Jan 5, 2021 •

edited by nadouani

Loading