Archived/Missing Incidents fail on request.

[mwilco03]

In code when the incident has been archive/can't be found app errors out and makes Splunk log roll. Possible courses of action:

• Disable the error & continue, do we care if incidents are gone have no forensics? Additionally we can set the timeout for the request to a shorter duration to prevent a hanging request.
• Resolve on why error presents, is it imperative to have this? May require backend work to resolve it.

This error presents in environments with re-building infrastructure primarily.

[wfg]

Is this the line that is causing the excess logging? https://github.com/twistlock/sample-code/blob/e780463ebcf1c3e2e88c324743b2d9780fb445f4/siem/splunk/twistlock/bin/poll_forensics.py#L59

Edit: add permalink

[wfg]

@mwilco03 if this is still an issue, please reopen the issue in the new dedicated repo for the Splunk app: https://github.com/PaloAltoNetworks/prisma-cloud-compute-splunk