I am working with Carbon Black EDR, so I want incidents to be closed not only on XSOAR but also on the Carbon Black instance. To achieve that I implemented a post-processing script. When an incident on XSOAR is closed, the script closes the alert on Carbon Black EDR too. It works fine when working with a single incident. Things get complicated when multiple incidents are involved.
From the incidents page I select multiple incidents (50 incidents to be more specific) and hit close. After doing that, the XSOAR instance hangs and can't pull any data (it loads web pages but no data on them). After a while I am able to view incidents again. I check to see what happened to the incidents and notice that the post-processing script executed as expected but the Docker container timed out and failed.
I am not sure if it's a Docker limitation or something else. The server has plenty of resources. What is wrong?
I was looking for some answers to another issue and found this question. I know I am quite late to answer it, but if this helps someone who is looking for the same answer, then it will be great. A few months back I was also looking for the same answer and fixed it with some Googling.
Follow these steps to fix the issue -
Example - key = my_integration.my-multi-table-query.timeout, value = 1440