You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I configured a server to pull events. The pull rules excluded the tag tlp:red and had a few ORGs in the permitted org field. The sync went fine and the events were downloaded.
I added several ORGs to the permitted organizations (more than 10) and after that the sync never brought any events: there was no failure but no event was brought either. The worker logs showed the upstream server' HTTP code as 305 (not modified). After a few days, I confirmed on the upstream servers that new events had been created which should have been pulled.
I deleted the server and recreated it with the same rule, no effect. I deleted all the events using the API, no effect.
Removing all the ORGs from the rule but one made the sync pull events once more.
Is there a limit on the number of orgs one can put in a pull rule?
MISP version
2.4.165
Operating System
Ubuntu
Operating System version
20.04
PHP version
7.4
Browser
Edge
Browser version
107.0.1418.56
Relevant log output
No response
Extra attachments
No response
Code of Conduct
I agree to follow this project's Code of Conduct
The text was updated successfully, but these errors were encountered:
I forgot to write: after that, when I tried to delete all the events using misp-purge, only 7 events out of 600+ were found for deletion. I deleted all the others using the API (/events/index, retrieved the event number, /events/delete/) and purged the blocklist.
By the looks of it, it seems the database of events/attributes/elements got corrupted or damaged somehow.
Support Questions
I configured a server to pull events. The pull rules excluded the tag tlp:red and had a few ORGs in the permitted org field. The sync went fine and the events were downloaded.
I added several ORGs to the permitted organizations (more than 10) and after that the sync never brought any events: there was no failure but no event was brought either. The worker logs showed the upstream server' HTTP code as 305 (not modified). After a few days, I confirmed on the upstream servers that new events had been created which should have been pulled.
I deleted the server and recreated it with the same rule, no effect. I deleted all the events using the API, no effect.
Removing all the ORGs from the rule but one made the sync pull events once more.
Is there a limit on the number of orgs one can put in a pull rule?
MISP version
2.4.165
Operating System
Ubuntu
Operating System version
20.04
PHP version
7.4
Browser
Edge
Browser version
107.0.1418.56
Relevant log output
No response
Extra attachments
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: