Reattack incorrectly linked to event

Incident Report for Fluid Attacks

Postmortem

Impact

At least one group experienced inconsistencies due to the incorrect linkage of a Machine reattack to an event related to environment issues. The issue started on UTC-5 24-02-24 19:56 and was proactively discovered 9.4 months (TTD) later by a staff member, who reported through our help desk [1] that the Machine reattack was mistakenly associated with an event referring to environment issues. In fact, the reattack was related to a static code analysis (SCA) and had no connection to the environments. The problem was resolved in 2.1 hours (TTF), resulting in a total window of exposure of 9.4 months (WOE) [2].

Cause

During cloning failures, an automatic process creates an event and places all associated reattacks in an On Hold state. Due to a coding error, this process linked the reattacks to an unrelated event, confusing the affected clients [3].

Solution

A condition was added to the code to ensure the correct association of events related to failed cloning [4].

Conclusion

The potential consequences of the new functionality were not fully anticipated. The code responsible for the functionality was fixed, and tests were added to ensure that any future modifications trigger alerts for the team. INCOMPLETE_PERSPECTIVE < MISSING_TEST

Posted Dec 05, 2024 - 17:31 GMT-05:00

Resolved

The incident has been resolved, and the scanner services' reattacks are now properly linked to the correct events in case of cloning failures.
Posted Dec 05, 2024 - 16:13 GMT-05:00

Identified

Issues have been identified with the linkage of a reattack requested by Machine to an event related to analyst-reported environment problems. The reattack pertains to SCA (Static Code Analysis) and is unrelated to environment issues.
Posted Dec 04, 2024 - 17:45 GMT-05:00
This incident affected: Platform.