Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-10 21:31:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0a01a56218d0e4b259eb07eb69d914d27a5fb73d
marcredhat-siem-toolkit-pat…/backend
T
History
marc 0a01a56218 Ingest Dashboard: 5min TTL cache + days->hours normalisation 
Dashboard reloads on multi-day windows could take 30-60s and sometimes
returned HTTP 502 ('internal Scalyr error') when the SDL window was
expressed in days. Two-part fix:

1. In-process async TTL cache (services/async_cache.py)
   - 5 min TTL on top-sources, by-event-type, daily-volume.
   - Single-flight lock per cache key (no thundering herd).
   - Optional ?nocache=1 query param to force a refresh.
   - New endpoints: GET /api/ingest/cache-stats, DELETE /api/ingest/cache.

2. Normalise days -> hours upstream of the PowerQuery
   - SDL is unstable on day-scale windows for large group-by counts on
     this tenant but stable on the equivalent hour-scale window.
   - top-sources?days=1 used to 502; now works.

Measured on Purple AI tenant:
  top-sources?days=7  cold 55.7s -> warm 13ms (~4300x)
  t  t  t  t  t  t  t  t  t    -> 4ms (cold) / 1.4ms (warm)
2026-05-22 20:10:03 +02:00
..
routers
Ingest Dashboard: 5min TTL cache + days->hours normalisation
2026-05-22 20:10:03 +02:00
services
Ingest Dashboard: 5min TTL cache + days->hours normalisation
2026-05-22 20:10:03 +02:00
db.py
Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker
2026-05-22 11:09:43 -04:00
Dockerfile
Initial commit: SIEM Toolkit for SentinelOne
2026-05-19 11:39:26 -04:00
main.py
Add health score, coverage trends, dependency map, PowerQuery playground, onboarding tracker
2026-05-22 11:09:43 -04:00
requirements.txt
Initial commit: SIEM Toolkit for SentinelOne
2026-05-19 11:39:26 -04:00