Closed
Description
What is the bug?
A clear and concise description of the bug.
How can one reproduce the bug?
Steps to reproduce the behavior:
- Go to Security Analytics and create a detector.
- Follow up with correlation rules
- See errors in the logs:
[2024-02-07T15:38:48,297][ERROR][o.o.s.u.SecurityAnalyticsException] [25c1ef95a376d5b13cdbde33eaa50bbe] Security Analytics error:
java.lang.ArrayIndexOutOfBoundsException: Index 0 out of bounds for length 0
at org.opensearch.search.SearchHits.getAt(SearchHits.java:171)
at org.opensearch.securityanalytics.transport.TransportCorrelateFindingAction$AsyncCorrelateFindingAction$1.onResponse(TransportCorrelateFindingAction.java:269)
at org.opensearch.securityanalytics.transport.TransportCorrelateFindingAction$AsyncCorrelateFindingAction$1.onResponse(TransportCorrelateFindingAction.java:259)
at org.opensearch.action.support.TransportAction$1.onResponse(TransportAction.java:113)
at org.opensearch.action.support.TransportAction$1.onResponse(TransportAction.java:107)
at org.opensearch.performanceanalyzer.action.PerformanceAnalyzerActionListener.onResponse(PerformanceAnalyzerActionListener.java:55)
at org.opensearch.action.support.TimeoutTaskCancellationUtility$TimeoutRunnableListener.onResponse(TimeoutTaskCancellationUtility.java:132)
at org.opensearch.action.search.TransportSearchAction.lambda$executeRequest$0(TransportSearchAction.java:453)
at org.opensearch.core.action.ActionListener$1.onResponse(ActionListener.java:82)
at org.opensearch.core.action.ActionListener$5.onResponse(ActionListener.java:268)
at org.opensearch.action.search.AbstractSearchAsyncAction.sendSearchResponse(AbstractSearchAsyncAction.java:707)
at org.opensearch.action.search.ExpandSearchPhase.run(ExpandSearchPhase.java:132)
at org.opensearch.action.search.SearchPhase.recordAndRun(SearchPhase.java:59)
at org.opensearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:456)
at org.opensearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:440)
at org.opensearch.action.search.FetchSearchPhase.moveToNextPhase(FetchSearchPhase.java:298)
at org.opensearch.action.search.FetchSearchPhase.lambda$innerRun$1(FetchSearchPhase.java:138)
at org.opensearch.action.search.CountedCollector.countDown(CountedCollector.java:66)
at org.opensearch.action.search.CountedCollector.onFailure(CountedCollector.java:85)
at org.opensearch.action.search.FetchSearchPhase$2.onFailure(FetchSearchPhase.java:257)
at org.opensearch.action.ActionListenerResponseHandler.handleException(ActionListenerResponseHandler.java:75)
at org.opensearch.action.search.SearchTransportService$ConnectionCountingHandler.handleException(SearchTransportService.java:753)
at org.opensearch.transport.TransportService$6.handleException(TransportService.java:903)
at org.opensearch.security.transport.SecurityInterceptor$RestoringTransportResponseHandler.handleException(SecurityInterceptor.java:418)
at org.opensearch.transport.TransportService$ContextRestoreResponseHandler.handleException(TransportService.java:1526)
at org.opensearch.transport.InboundHandler.lambda$handleException$3(InboundHandler.java:438)
at org.opensearch.common.util.concurrent.OpenSearchExecutors$DirectExecutorService.execute(OpenSearchExecutors.java:412)
at org.opensearch.transport.InboundHandler.handleException(InboundHandler.java:436)
at org.opensearch.transport.InboundHandler.handlerResponseError(InboundHandler.java:428)
at org.opensearch.transport.InboundHandler.messageReceived(InboundHandler.java:166)
at org.opensearch.transport.InboundHandler.inboundMessage(InboundHandler.java:123)
at org.opensearch.transport.TcpTransport.inboundMessage(TcpTransport.java:770)
What is the expected behavior?
The call should go through with the failure that detector is not found for given monitor id.
What is your host/environment?
- OS: [e.g. iOS]
- Version [e.g. 22]
- Plugins SAP with Correlations
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.