IBM Support

Cloud Pak for Security: Sigma Reference link produces 404 error in Threat Investigator

Troubleshooting


Problem

The Sigma reference link in Cloud Pak for Security (CP4S) Threat Investigator produces a 404 error when you view an attack pattern.

Symptom

Reviewing the attack pattern on an incident displays the Sigma rule when it can be provided. The rule shows a SigmaHQ link to review the rule on GitHub. However, this link gives a "404 page not found" on GitHub.

Cause

Threat Investigator leverages Detection and Response Center metadata to provide these links. If the metadata is old, then the links to the SigmaHQ rules are also old.

Resolving The Problem

  1. Navigate to the Incident and Response Center on the CP4S home page.
  2. Search for the name of the rule that has the incorrect link, then click the rule.
  3. Click the Other Attributes tab.
  4. Look for External Link, then click it.
    Note: This action regenerates the metadata that Threat Investigator gets from the Incident and Response Center, which includes the correct link to the SigmaHQ rule.
  5. Validate that the external link works.
  6. Review the Sigma link again in Threat Investigator, which now has the updated link.

Document Location

Worldwide


Document Information

Modified date:
20 September 2022

UID

ibm16613855