Notifications

270 views

Description

  • com.snc.discovery.aws plugin is activated
  • The 'DescribeSnapshots' AWS action runs to get details of available EBS snapshots
  • All details are returned in a single large XML payload which is delivered back to the instance via an ecc_queue record - this payload can be many MB in size
  • The 'AWS ECS - DescribeSnapshots' sensor later runs to process the payload pulling it into heap on the corresponding application node
  • If the payload is large this can cause heap exhaustion / severe performance degradation on the corresponding application node
  • This large payload (and therefore heap exhaustion) can be avoided by adding 'MaxResults = 200' as an AWS Action Parameter to the 'DescribeSnapshots' AWS action

Steps to Reproduce

  • Run the 'AWS EC2 - DescribeSnapshots' probe / sensor in an environment with a large number of EBS snapshots
  • Confirm that the resulting payload is many Mb in size
  • Notice that the corresponding 'ASYNC: Discovery - Sensors' which runs to process the payload uses a large amount of heap

Workaround

1. Access the AWS Action DescribeSnapshots:

https://<instance>.service-now.com/nav_to.do?uri=aws_action.do?sys_id=a30053609f132100fbf01f80a57fcfd7

2. Under related list AWS Action Parameter related list, add the following parameter: 

Parameter Name = MaxResults 
Default value = 200 

3. Update the form


Related Problem: PRB1329337

Seen In

SR - SecOps - Configuration Compliance - New York 2019 Q3
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - CrowdStrike Intel Integration - Madrid 2019 Q1
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - SIR - VirusTotal Integration - New York 2019 Q3
SR - VR - Qualys - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3

Fixed In

New York

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-03-24 05:31:59
Published:2019-03-25