OpenCTI-Platform / opencti

Open Cyber Threat Intelligence Platform
https://opencti.io
Other
6.28k stars 930 forks

CSV feed limit of 5 000 increase possible? #7805

Open RegturH opened 2 months ago

RegturH commented 2 months ago

Prerequisites

Description

Last year I asked a question surrounding the maximum length of CSV feeds.

I would like to increase it but it is not possible.

I created https://github.com/OpenCTI-Platform/opencti/issues/4636

This has been closed.

I was not able to upgrade our platform due to technical challenges.

When upgrading to 6.2.0 I wanted to upgrade the CSV feed.

When reading the wiki: https://docs.opencti.io/latest/usage/feeds/ I saw the limit was still 5000 entries.

Environment

  1. OS (where OpenCTI server runs): Red Hat
  2. OpenCTI version: 6.2.0
  3. OpenCTI client: front end
  4. Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

  1. Create a feed with more than 5 000 entities in the filter
  2. Limit is 5000

Additional information

Issue Summary:

We are currently utilizing a CSV feed to supply our firewall with pertinent malicious IP addresses. However, we are encountering a limitation where the feed can only accommodate up to 5,000 IPs.

The feed operates on a rolling time frame of two months. During this period, we often add more IPs than we remove. This imbalance results in relevant IPs being displaced from the feed by newer ones.

Question:

Is it possible to partition this feed to address the issue?

richard-julien commented 2 months ago

Hi @RegturH,

That's an option we forgot to put in the documentation. You should be able to modify this number using:

As env variable

DATA_SHARING__MAX_CSV_FEED_RESULT=10000

Or in config file

"data_sharing": {
  "max_csv_feed_result": 10000
},

However, you need to understand that this number can lead to performance degradation depending on your platform and your CSV feed configuration. Please do some testing and align this number with your platform capacity to avoid any problem.

@labo-flg can you take some time to add this in the official doc? Thanks.
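
An added example, not part of the thread or the OpenCTI code base: a consumer-side check for the situation described in the issue, where a feed that has reached its configured maximum drops entries the firewall still needs. It assumes a comma-separated feed with a header row and the IP in the first column; the function names, column names and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress


def _ip_key(s):
    ip = ipaddress.ip_address(s)
    return (ip.version, int(ip))  # sortable across IPv4 and IPv6


def parse_feed(csv_text, value_column=0, has_header=True, delimiter=","):
    """Return (row_count, set of valid IPs, list of rejected values)."""
    rows = [r for r in csv.reader(io.StringIO(csv_text), delimiter=delimiter) if r]
    if has_header and rows:
        rows = rows[1:]
    valid, rejected = set(), []
    for row in rows:
        raw = row[value_column].strip() if len(row) > value_column else ""
        try:
            valid.add(str(ipaddress.ip_address(raw)))
        except ValueError:
            rejected.append(raw)  # never hand unparsed text to a firewall
    return len(rows), valid, rejected


def audit_pull(previous_csv, current_csv, configured_limit, **fmt):
    """Compare two pulls of the same feed and flag a feed that is full.

    configured_limit is whatever max_csv_feed_result is set to on the platform.
    An IP missing from a full feed may have aged out or been pushed out by
    the cap; the feed alone cannot tell, hence 'possibly_displaced'.
    """
    _, prev_ips, _ = parse_feed(previous_csv, **fmt)
    rows, curr_ips, rejected = parse_feed(current_csv, **fmt)
    at_cap = rows >= configured_limit
    dropped = sorted(prev_ips - curr_ips, key=_ip_key)
    return {"rows": rows, "at_cap": at_cap, "rejected": rejected,
            "dropped": dropped, "possibly_displaced": dropped if at_cap else []}


# Constructed sample pulls (documentation address ranges), limit shrunk to 5.
HEADER = "value,created\n"
PREVIOUS = HEADER + "192.0.2.10,d1\n192.0.2.11,d1\n198.51.100.7,d2\n198.51.100.8,d2\n203.0.113.5,d3\n"
CURRENT = HEADER + "198.51.100.7,d2\n198.51.100.8,d2\n203.0.113.5,d3\n203.0.113.77,d4\nnot-an-ip,d4\n"

if __name__ == "__main__":
    print(audit_pull(PREVIOUS, CURRENT, configured_limit=5))
```

Run it on every pull before the blocklist is pushed: a result with `at_cap` set is the signal to raise the limit or split the feed's filter.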

RegturH commented 2 months ago

Hi Julien,

Thank you for the reply.

Will implement and test this.

Kind regards

Rutger