Open seanmcfeely opened 5 years ago
Send me that whole ~cybersecurity/6d9de41f-949d-40ce-a77b-7a607aaae0be directory in slack chat when you get a chance.
This is a long outstanding bug. I still haven't figured it out, but I'm pretty sure it has something to do with how delayed analysis works. Some hacks were introduced to bypass it but the root cause has not yet been identified and resolved yet.
What is happening is the JSON is getting over-written with a shorter JSON without first truncating the file, so there is extra JSON at the end which invalidates the file.
We've seen the following bug three times now. I can supply the data.json file in a secure channel if someone wants to take this on.
Command line:
GUI when trying to view alert:
I think the bug may be along these lines: https://stackoverflow.com/questions/48140858/json-decoder-jsondecodeerror-extra-data-line-2-column-1-char-190