Impact
At least 17 groups across 7 organizations experienced issues where some reattack requests were not being displayed in the To Do section under Reattacks. The issue started on UTC-5 25-07-10 17:30 and was proactively discovered 1 day (TTD) later by a staff member who reported through our help desk that [1] expected reattack entries were missing. As a result, these reattacks were not visible to the team, preventing their review and verification within the expected time frame. The impact was limited to the Reattacks section of the To Do view, and no other component or functionality was affected. The problem was resolved in 3.8 days (TTF), resulting in a total window of exposure of 4.8 days (WOE) [2].
Cause
The component in charge of preparing the information used to show pending reattacks became unstable due to a configuration that was not adequate for the volume of data being processed. This caused delays and failures that prevented some reattacks from being included in the list during that time.
Solution
The platform was updated to obtain reattack information from a more direct and reliable source, avoiding dependence on the unstable component. This ensures that pending reattacks are listed as expected [3],[4].
Conclusion
The way pending reattacks are listed was improved to prevent similar issues in the future, especially in scenarios with high activity. Monitoring will also be strengthened for background processes that manage this type of data to ensure better stability and visibility across the platform. INFRASTRUCTURE_ERROR < INCOMPLETE_PERSPECTIVE