If running an analyzer from Thehive, is it normal that the cortex rest api connector return some duplicate results with the same cortexJobid? Here is the case where I was able to replicate the behaviour:
1- Run an analyzer from TheHive on a specific Observable
2- Rerun the same analyzer
3- Check the analyzer results and notice only the first analysis as results while the second one return "no records found"
4- Call the Cortex Connnector rest api and get all jobs for the same observable as above.
5- The service return duplicate jobs with the same cortexJobId and results.
My questions is , it is normal for the Cortex Connector to return duplicate job while TheHive will display only the result from the first analysis? Is the cortexJobId a unique id for each individual analyzer job ? My assumption is that the Cortex Connector will not rerun the jobs if the results are the same so it just return the job results twice?
Request Type
Question
Work Environment
Question
Hi there,
If running an analyzer from Thehive, is it normal that the cortex rest api connector return some duplicate results with the same cortexJobid? Here is the case where I was able to replicate the behaviour:
1- Run an analyzer from TheHive on a specific Observable 2- Rerun the same analyzer 3- Check the analyzer results and notice only the first analysis as results while the second one return "no records found" 4- Call the Cortex Connnector rest api and get all jobs for the same observable as above. 5- The service return duplicate jobs with the same cortexJobId and results.
My questions is , it is normal for the Cortex Connector to return duplicate job while TheHive will display only the result from the first analysis? Is the cortexJobId a unique id for each individual analyzer job ? My assumption is that the Cortex Connector will not rerun the jobs if the results are the same so it just return the job results twice?
Thanks for your help