[Bug] Persistent AuditSrv:undefined error on 4.0.1

[DrJohn1]

Persistent AuditSrv:undefined error on 4.0.1

Request Type

Bug

Work Environment

Question	Answer
OS version (server)	Ubuntu
TheHive version / git hash	4.0.1
Package Type	DEB

Problem Description

After the update the Audit flow does not load and appears empty on both the case list and case pages. Navigating multiple cases in a short time causes the hive to freeze until the timeout is reached (30000ms according to logs).

Steps to Reproduce

1. Log into the hive with +1000 cases
2. Go to case list (Audit flow does not load)
3. Navigate cases (still no Audit flow)
4. If accessing several cases within a short time (<5 mins), TheHive stops responding until the audit flow tasks finish.

Complementary information

Error shown after a while waiting:

Error shown in log file:

[KaanSK]

We have been observing the same behaviour. Its happening more on v4.0.0 and less in 4.0.1 . Additionally, a restart of thehive service is making this error disappear for some time. Generally it happens when we do case removals/deletes.

[cyberpescadito]

just removed a case in an fresh install, now this error is popping at every action i do. additionally it broken the livestream, which is confirmed by logs:

rebooting thehive solved the issue.
TheHive version: 4.0.1-1

edit: after the reboot that solved the issue, tried to create & delete a case again, no more facing the issue

[To-om]

Retrieving the initial flow requires a heavy workload because there is many audit logs and visibility rules are complex. More over the flow is sorted which means that the entire list of audit logs must be processed.
This process is done only once per organisation, then the flow is cached and updated when new audits come.
The temporary solution is to apply an early date filter to audit logs. Then initial flow won't show audit logs older than 24 hours (configurable with flow.maxAge).
The real solution will come with TheHive 4.1 which brings a new index engine.