Trying to perform a 30 day search for a list of IOC's found in a Reference list using this query. I can run this in the UI but trying to run it via SOAR gives me error below any tips?
Error executing action Google Chronicle - Execute UDM Query. Reason: HTTPSConnectionPool(host='backstory.googleapis.com', port=443): Read timed out. (read timeout=120)
Hey @jasonsigman,
My suggestion would be to split the execution in 2 parts using the custom Time Frame option. So, you would split the search into 2 15 Day searches.
In the meantime, I will check internally with the team. This action is sync, so the timeout for it at max can reach 5 minutes. It looks like currently it stops execution after 2 minutes.
Thanks I will split it up for now. I was wondering why it felt like it stopped a lot sooner then expected. I am just worried about hitting the limit of 120 queries once we have this running on cases/alerts coming into the platform.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.