After performing the Stage 2 migration of the SOAR environment, we started experiencing intermittent issues when accessing the SecOps (SIEM) web interface.
At certain moments, specific pages fail to load and remain stuck in an infinite loading state (loading spinner displayed indefinitely, with no content rendered).
Technical Analysis:
-
Using browser DevTools (Network tab), we identified that one of the backend endpoints is returning HTTP 403 (Forbidden) during page load.
-
This behavior appears to be session-related:
-
When accessing the SIEM using a clean browser session (no cookies/cache), the page loads successfully.
-
However, after navigating the platform (e.g., opening another page in a new tab), the issue reoccurs and the page gets stuck loading again.
-
Observed Behavior:
-
Infinite loading (UI does not render data)
-
Backend request returning 403
-
Issue reproducible after session reuse/navigation
Expected Behavior:
-
Pages should load consistently regardless of session reuse or navigation between tabs
log explorer:
{
"protoPayload": {
"@type": "type.googleapis.com/google.cloud.audit.AuditLog",
"status": {
"code": 7,
"message": "{\"errorCode\":2000,\"errorMessage\":\"You cannot access other users localization settings\",\"innerException\":null,\"innerExceptionType\":null,\"correlationId\":\"5a96a48cd50b45a4ae5b805f2328bf53\"}"
},
"authenticationInfo": {
"oauthInfo": {
"oauthClientId": "anonymous"
}
},
"requestMetadata": {
"callerIp": "*********",
"callerSuppliedUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0,gzip(gfe)",
"requestAttributes": {
"time": "2026-03-18T15:28:50.993083525Z",
"auth": {}
},
"destinationAttributes": {}
},
"serviceName": "chronicle.googleapis.com",
"methodName": "google.cloud.chronicle.v1alpha.UserLocalizationService.GetUserLocalization",
"authorizationInfo": [
{
"resource": "projects/***********/locations/us/instances/***********/legacySoarUsers/***********/localization",
"permission": "chronicle.userLocalizations.get",
"granted": true,
"resourceAttributes": {},
"permissionType": "DATA_READ"
}
],
"resourceName": "projects/***********/locations/us/instances/***********/legacySoarUsers/***********/localization",
"request": {
"name": "projects/***********/locations/us/instances/***********/legacySoarUsers/***********/localization",
"@type": "type.googleapis.com/google.cloud.chronicle.v1alpha.GetUserLocalizationRequest"
}
},
"insertId": "1desjrpe1ctmg",
"resource": {
"type": "audited_resource",
"labels": {
"project_id": "*********",
"service": "chronicle.googleapis.com",
"method": "google.cloud.chronicle.v1alpha.UserLocalizationService.GetUserLocalization"
}
},
"timestamp": "2026-03-18T15:28:50.973216758Z",
"severity": "ERROR",
"logName": "projects/*********/logs/cloudaudit.googleapis.com%2Fdata_access",
"receiveTimestamp": "2026-03-18T15:28:51.786757750Z"
}