Only 2500 newest submissions get event logs #1
Comments
Hi Kyle, I think I was aware of this potential issue when I implemented the add-on but accepted it, as at the time the limit was far out of sight (for my own and probably most other companies). On higher limits requests would eventually time out and no events would be returned altogether. So this was the easiest, admittedly quite dirty solution. I'll look into your suggested solution which sounds like the way to properly handle this. Unfortunately I don't have access to a well-filled Bugcrowd program anymore. I'll have to see how I can make do with Bugcrowd's test-program API and will hopefully get back to you over the course of next week. Cheers,
I have the opposite issue: I have a well-filled Bugcrowd program but don't have a local/dev instance of Splunk to test against.
A pull request would be very appreciated. I'll likely have the opportunity to verify and test your proposed changes over the course of next week.
If `track_states=True` then the HTTP request to the API has a parameter of `limit=2500` with no `offset`, so the response only contains the 2500 newest Bugcrowd submissions. For a large enterprise that now has close to 10000 submissions, there are no events created in Splunk for the older submissions that may take a while to get resolved. Just about anything a year older doesn't create events. 1 solution could be using the `offset` and loop until all submissions are returned.
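The offset loop proposed in this issue, sketched as an added example that is not the add-on's own code. `fetch_page`, `make_fake_api` and the `id` field are hypothetical stand-ins for the real API request and response, and the 10000 submissions are constructed; the de-duplication step goes slightly beyond the issue text to cover a list that shifts while it is being paged.

```python
from typing import Callable, Dict, Iterator, List

PAGE_LIMIT = 2500  # per-request limit named in the issue


def iter_all_submissions(fetch_page: Callable[[int, int], List[Dict]],
                         limit: int = PAGE_LIMIT,
                         max_pages: int = 1000) -> Iterator[Dict]:
    """Yield each submission once, walking offset = 0, limit, 2*limit, ..."""
    seen = set()
    offset = 0
    for _ in range(max_pages):
        page = fetch_page(offset, limit)
        for sub in page:
            # A newest-first list shifts when a submission arrives mid-walk,
            # so a record can appear on two pages; emit it only once.
            if sub["id"] not in seen:
                seen.add(sub["id"])
                yield sub
        if len(page) < limit:  # short or empty page: end of the list
            return
        offset += limit
    raise RuntimeError("max_pages reached; refusing to loop forever")


def make_fake_api(total: int):
    """Constructed in-memory stand-in for the API (newest first)."""
    store = [{"id": f"sub-{n}"} for n in range(total, 0, -1)]
    calls = []

    def fetch_page(offset: int, limit: int) -> List[Dict]:
        calls.append((offset, limit))
        if len(calls) == 2:
            # Constructed event: a new submission lands between requests.
            store.insert(0, {"id": f"sub-{total + 1}"})
        return store[offset:offset + limit]

    return fetch_page, calls


def collect(total: int, limit: int = PAGE_LIMIT) -> List[str]:
    fetch_page, _ = make_fake_api(total)
    return [s["id"] for s in iter_all_submissions(fetch_page, limit)]


if __name__ == "__main__":
    ids = collect(10000)
    print(len(ids), "submissions,", len(set(ids)), "unique")
```

Keeping each request at the existing limit avoids the timeouts mentioned for larger limits, and the submission that arrives mid-walk is picked up on the next polling run.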