The integration is configured to collect vulnerability logs with an interval of 1 hour.
The integration has not collected any vulnerability logs for several hours because the export job is returning an "ERROR" status. It seems like the integration doesn't know how to handle this, and just keeps checking the status until it runs out of executions. Below is the response from the vulnerability export status API which shows the error.
{
"uuid": "01234567-89ab-cdef-0123-456789abcdef",
"status": "ERROR",
"chunks_available": [
1,
2
],
"chunks_failed": [],
"chunks_cancelled": [
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15,
16,
17,
18,
19,
20
],
"total_chunks": 20,
"chunks_available_count": 2,
"empty_chunks_count": 0,
"finished_chunks": 2,
"filters": {
"severity": [
"HIGH",
"LOW",
"CRITICAL",
"MEDIUM",
"INFO"
],
"state": [
"REOPENED",
"FIXED",
"OPEN"
],
"since": 1783547760,
"first_found": 0,
"last_found": 0,
"last_fixed": 0,
"first_seen": 0,
"last_seen": 0,
"indexed_at": 0,
"indexed_at_end_value": 0,
"resurfaced_date": 0
},
"num_assets_per_chunk": 50,
"created": 1783551365000,
"reason": "An unexpected error occurred while processing the export. Try again later."
}
If there is an error then the integration should abandon the export job and create a new one. The new export should include all the data that would have been in the export with the error.
Integration Name
Tenable Vulnerability Management [packages/tenable_io]
Dataset Name
tenable_io.vulnerability
Integration Version
4.11.2
Agent Version
9.4.2
Agent Output Type
elasticsearch
Elasticsearch Version
9.4.2
OS Version and Architecture
Ubuntu 24.04 LTS (x86_64)
Software/API Version
No response
Error Message
No response
Event Original
No response
What did you do?
The integration is configured to collect vulnerability logs with an interval of 1 hour.
What did you see?
The integration has not collected any vulnerability logs for several hours because the export job is returning an "ERROR" status. It seems like the integration doesn't know how to handle this, and just keeps checking the status until it runs out of executions. Below is the response from the vulnerability export status API which shows the error.
What did you expect to see?
If there is an error then the integration should abandon the export job and create a new one. The new export should include all the data that would have been in the export with the error.
Anything else?
No response