mirror of
https://github.com/marcredhat/SIEM-toolkit-patched
synced 2026-06-08 12:33:51 +00:00
Cherry-pick improvements from PR #2 (marcredhat)
- s1_client: configurable PowerQuery timeout via SDL_PQ_TIMEOUT env var (default 600s, was hardcoded 120s) with separate connect/read timeouts via httpx.Timeout; retry on ReadTimeout via SDL_PQ_TIMEOUT_RETRIES; better error messages include query snippet and parse non-JSON responses - ingest: fix simulate-filter SDL syntax (== → =, drop leading | on base expression, surface PowerQuery error field, cleaner empty-filter fallback) - docker-compose: pass SDL_PQ_TIMEOUT and SDL_PQ_TIMEOUT_RETRIES through to backend container with sensible defaults Not taken from PR #2: - .gitignore parsers/* change — would untrack the 7 committed parser files - s1_client/quality/coverage changes already present in main from prior work Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mick
@@ -16,6 +16,8 @@ services:
|
||||
- SDL_XDR_URL=${SDL_XDR_URL}
|
||||
- SDL_LOG_READ_KEY=${SDL_LOG_READ_KEY}
|
||||
- SDL_CONFIG_READ_KEY=${SDL_CONFIG_READ_KEY}
|
||||
- SDL_PQ_TIMEOUT=${SDL_PQ_TIMEOUT:-600}
|
||||
- SDL_PQ_TIMEOUT_RETRIES=${SDL_PQ_TIMEOUT_RETRIES:-1}
|
||||
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
|
||||
- DATABASE_URL=postgresql://siem:siem@db:5432/siem
|
||||
- DETECTIONS_FILE=/app/data/detections.json
|
||||
|
||||
Reference in New Issue
Block a user