Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement] When observable data is too big, use hash #2288

Closed
To-om opened this issue Dec 14, 2021 · 0 comments
Closed

[Enhancement] When observable data is too big, use hash #2288

To-om opened this issue Dec 14, 2021 · 0 comments
Assignees
@To-om
Labels
contains-docs enhancement TheHive4 TheHive4 related issues
Milestone
4.1.16

Comments

@To-om
Copy link
Contributor

To-om commented Dec 14, 2021
edited
Loading

Request Type

Enhancement

Feature Description

Fields which contains more that 32k of data cannot be indexed, and breaks index engine. The aim of this issue is to store huge observable data in a dedicated unindexed field (named fullData) and store the hash in indexed field (instead of the real value). This change must be implemented in the observable creation and in the observable search (in properties).

Existing data must also be processed but the schema evolution cannot be used because the index may be broken. The processing can use the immense term processing of Scalligraph TheHive-Project/ScalliGraph#17

In order to fix existing data, the following configuration must be set:

db.janusgraph {
  immenseTermProcessing: {
    data: observableHashToIndex
  }
}

This make the next startup slower because the whole database must be crawled.
IMPORTANT This configuration should be present only for one startup to fix the data. It should be removed as soon as the process if finished.
@To-om To-om added enhancement TheHive4 TheHive4 related issues labels Dec 14, 2021
@To-om To-om added this to the 4.1.16 milestone Dec 14, 2021
@To-om To-om self-assigned this Dec 14, 2021
@To-om To-om mentioned this issue Dec 14, 2021
Closed
3 tasks
To-om added a commit that referenced this issue Dec 14, 2021
@To-om
#2288 Use hash for big data
8a4ac2b
@To-om To-om closed this as completed Dec 14, 2021
To-om added a commit that referenced this issue Dec 14, 2021
@To-om
#2288 Use hash for big data
2e02312
To-om added a commit that referenced this issue Dec 14, 2021
@To-om
#2288 Prefix hash with algorithm
e20a231
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@To-om To-om

Labels
contains-docs enhancement TheHive4 TheHive4 related issues
Projects
None yet
Milestone
4.1.16
Development

No branches or pull requests
2 participants
@jeromeleonard @To-om