Duplicate EventIDs #505

Open
PhilOrdo opened this issue Jan 10, 2025 · 3 comments

@PhilOrdo
Contributor

PhilOrdo commented Jan 10, 2025

Root cause presently unknown, but occasionally a few signatures will somehow be assigned the same EventID. This is not validated until attempting to push signatures on the deployment box.

The current solution is to change the signature category then change it back so the next available EventID for the category is assigned.

Example:
Screenshot 2025-01-10 at 1.08.19 PM.png
Changing the newest of each rule to EC then back to MC assigns them EventIDs 5002064 and 5002065 respectively.

@PhilOrdo PhilOrdo added the bug label Jan 10, 2025
@PhilOrdo PhilOrdo assigned PhilOrdo and dcuellar322 and unassigned PhilOrdo Jan 10, 2025
Collaborator

This screenshot is broken.

How was the signature created? Was either one done via Import?

@PhilOrdo
Contributor Author

Both were likely created via import.

@dcuellar322
Collaborator

I might have an idea on a fix to prevent this from happening.

I'll try and get a PR tomorrow for it.
