Deleted Observables, Show up on the statistics tab under Observables by Type #343
Comments
Wyv3rnSec
changed the title
|
It seems it is related to how the Dashboard is reading the ES instance. When uploading another set of 1k Observables it can take some time to ingest (You see TheHive loading the data on the top right). If you were to delete all of those same observables and then re-add them again. They are almost instantly ingested again as if they are being cached. I believe this is where the problem is. If the Statistics Dashboard is reading the ES versioning within the index docs or the Cache then it is getting the incorrect data thus not showing the correct graph. Anyone else have any theories on this or solutions? |
|
Hi @RyanDress In fact the charts related to observable stats on Statistics page, don't ignore deleted observables. Note that the statistics page will be replaced by a new Dashboard sections where users will be able to compose their own dashboards. |
Conflicts: ui/app/views/directives/charts/chart.html
Deleted Observables, Show up on the statistics tab under Observables by Type
Request Type
Bug
Work Environment
Problem Description
On the statistics tab/portion of theHive. If you scroll down to "Observables By Type" it will show the stats of observables even after they have been deleted.
Steps to Reproduce
a. if you uploaded 1000 IPs, then delete 900 in the case, when you view the statistics page it will say there are 1000 IPs not 100.
Possible Solutions
Since data is stored within the elasticsearch database when you query the DB it will still show your deleted observable as deleted Docs. I will do some testing to validate if the deleted docs are whats causing the issue and re-update.
The text was updated successfully, but these errors were encountered: