CrowdStrike / falcon-orchestrator

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
GNU Affero General Public License v3.0

Error occurred while trying to save detection event to database #33

Closed tmitchell5280 closed 7 years ago

tmitchell5280 commented 7 years ago

Hello, we are getting a new error related to trying to save a detection to the SQL Database.

Here is the exact error from the log file.

System.ArgumentOutOfRangeException: Value to add was out of range. Parameter name: value
   at System.DateTime.Add(Double value, Int32 scale)
   at FalconOrchestrator.Client.AuditEvent.get_FormattedTimestamp()
   at FalconOrchestrator.Client.AuthActivityAuditModel.Save()

I tried the last solution, which was to increment the offset of the event that is causing the error, N+1, but it did not help with this error, so far.

I also tried changing both the region and timezone, and back. Found someone on MSDN having a similar problem and it worked for him.

Has anyone run into this error before, and if so, how did you fix it?

Thanks,

-Troy

mr-burnse commented 7 years ago

This issue just surfaced this week as the UTCTimestamp field on events of type AuthActivityAuditEvent is being pushed through the API with two types of Unix epoch formatted timestamps: one with milliseconds and one without. Orchestrator is expecting a certain format and is crashing because of this. I will look to provide a bug fix for this early next week.
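The failure mode described in the comment above, as an added example that is not part of the original thread and is not the project's published fix. `EpochNormalizer`, its threshold and the sample values are assumptions made for illustration; the `AddSeconds` call is one way to reach the `System.DateTime.Add(Double, Int32)` frame seen in the stack trace, not a quote of the Orchestrator code.

```csharp
using System;

// Added illustration: hypothetical helper, not Falcon Orchestrator code.
public static class EpochNormalizer
{
    // Assumption: any value at or above 1e11 is treated as milliseconds.
    // Second-resolution epochs stay below 1e11 until roughly the year 5138,
    // while millisecond epochs passed 1e11 in 1973, so event timestamps
    // from a live API fall cleanly on one side or the other.
    private const long MillisecondThreshold = 100000000000L;

    public static DateTime ToUtc(long utcTimestamp)
    {
        if (utcTimestamp < 0)
            throw new ArgumentOutOfRangeException("utcTimestamp", "Negative epoch value.");

        // Out-of-range values still throw here instead of being stored silently.
        return utcTimestamp >= MillisecondThreshold
            ? DateTimeOffset.FromUnixTimeMilliseconds(utcTimestamp).UtcDateTime
            : DateTimeOffset.FromUnixTimeSeconds(utcTimestamp).UtcDateTime;
    }

    public static void Main()
    {
        // Constructed sample values: the same instant in both resolutions.
        long seconds = 1496654969L;
        long millis = 1496654969000L;

        // Both resolutions normalize to the same UTC instant.
        Console.WriteLine(ToUtc(seconds).ToString("o"));
        Console.WriteLine(ToUtc(millis).ToString("o"));
        Console.WriteLine(ToUtc(seconds) == ToUtc(millis));

        // Naive conversion that assumes seconds: a millisecond value pushes
        // the result far past DateTime.MaxValue and raises the exception
        // type reported in the issue.
        try
        {
            DateTime epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
            Console.WriteLine(epoch.AddSeconds(millis));
        }
        catch (ArgumentOutOfRangeException ex)
        {
            Console.WriteLine(ex.GetType().Name + ": " + ex.Message);
        }
    }
}
```

`DateTimeOffset.FromUnixTimeSeconds` and `FromUnixTimeMilliseconds` require .NET Framework 4.6 or later.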

mr-burnse commented 7 years ago

Fix has been published here. Please follow implementation steps to apply it.

tmitchell5280 commented 7 years ago

Hi Evan,

Awesome Falcon Orchestrator is back up and running. Now my team and myself don't feel soooooooo Naked! We love it, everyone should love it.

You rock Evan.

Thanks again for your hard work and helping support the community.

You should be proud of the work you do.

Take Care,

-Troy

----- Original Message -----

From: "Evan Burns" notifications@github.com
To: "CrowdStrike/falcon-orchestrator" falcon-orchestrator@noreply.github.com
Cc: "tmitchell5280" troymitchell@comcast.net, "Author" author@noreply.github.com
Sent: Monday, June 5, 2017 9:29:29 AM
Subject: Re: [CrowdStrike/falcon-orchestrator] Error occurred while trying to save detection event to database (#33)

Fix has been published here. Please follow implementation steps to apply it.


mr-burnse commented 7 years ago

Thanks for the kind words! Glad you and your team are getting value out of the tool.