IBM Support

QRadar EDR (formerly ReaQta): Behavioural Tree does not show on a specific alert page

Troubleshooting


Problem

The Behavioural Tree does not show on an alert page. "Failed to fetch" is shown instead.

Symptom

When a user is viewing a specific alert, the Behavioral Tree does not load. Instead, "Failed to fetch" appears in the Behavioral Tree section.

An alert reading "Something went wrong contacting Hive" appears at the upper right of the screen.

Cause

The error occurs when the Behavioral Tree is too large to be loaded on the page; the Hive shows this error message instead. This issue happens with large, complex behavioural trees, often created by having too many events on the alert.

Diagnosing The Problem

When the alert is opened while this issue is occurring, the following console output can appear in the browser's DevTools:
Endpoint info not yet loaded on incident details page, cannot check authorization main.XXXXXXXXXXXXXXXXX.bundle.js:1
Endpoint details loaded for incident - authorizing user main.XXXXXXXXXXXXXXXXX.bundle.js:1
XHR GET https://<QRadar EDR URL here>/fapi/incident/<Alert ID here>/process-tree-v2? [HTTP/1.1 500 Internal Server Error 434ms]
XHR GET https://<QRadar EDR URL here>/fapi/graphy/evaluate/<Alert ID here>?gid=<Group ID here> [HTTP/1.1 512 unknown 214ms]
reducers/incidents (getProcessTreeNodes) error: Something went wrong contacting Hive. main.XXXXXXXXXXXXXXXXX.bundle.js:1
Uncaught (in promise) Error: Something went wrong contacting Hive.
    O main.XXXXXXXXXXXXXXXXX.bundle.js:1
    I main.XXXXXXXXXXXXXXXXX.bundle.js:1
    e main.XXXXXXXXXXXXXXXXX.bundle.js:1
    e main.XXXXXXXXXXXXXXXXX.bundle.js:1
    E main.XXXXXXXXXXXXXXXXX.bundle.js:1
    et main.XXXXXXXXXXXXXXXXX.bundle.js:1
    t vendor.XXXXXXXXXXXXXXXXX.bundle.js:260968
    d vendor.XXXXXXXXXXXXXXXXX.bundle.js:12456
    L main.XXXXXXXXXXXXXXXXX.bundle.js:1
    componentDidMount main.XXXXXXXXXXXXXXXXX.bundle.js:1
    Us vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    nc vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    unstable_runWithPriority vendor.XXXXXXXXXXXXXXXXX.bundle.js:273589
    go vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    rc vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    Wu vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    bo vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    unstable_runWithPriority vendor.XXXXXXXXXXXXXXXXX.bundle.js:273589
    go vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    bo vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    yo vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    qu vendor.XXXXXXXXXXXXXXXXX.bundle.js:273276
    n vendor.XXXXXXXXXXXXXXXXX.bundle.js:95629
    e vendor.XXXXXXXXXXXXXXXXX.bundle.js:95629
    e vendor.XXXXXXXXXXXXXXXXX.bundle.js:95629
    g vendor.XXXXXXXXXXXXXXXXX.bundle.js:12456
    t vendor.XXXXXXXXXXXXXXXXX.bundle.js:260968
    e vendor.XXXXXXXXXXXXXXXXX.bundle.js:12456
    me main.XXXXXXXXXXXXXXXXX.bundle.js:1
    promise callback*me/< main.XXXXXXXXXXXXXXXXX.bundle.js:1
    t vendor.XXXXXXXXXXXXXXXXX.bundle.js:260968
    d vendor.XXXXXXXXXXXXXXXXX.bundle.js:12456
main.XXXXXXXXXXXXXXXXX.bundle.js:1
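
The same check can be run over a HAR file exported from the DevTools Network tab instead of reading the console by eye. The following is an added example, not IBM's code: it reports the alert IDs whose requests show the two failed responses listed above. The function name, host, alert IDs and group ID are assumptions made for illustration.

```javascript
// Added example: find the failure signature shown above in a DevTools HAR export.
// URL paths and status codes are from this page; the host, alert IDs and
// group ID in SAMPLE_HAR are constructed.
const TREE_RE = /\/fapi\/incident\/([^/]+)\/process-tree-v2$/;
const GRAPHY_RE = /\/fapi\/graphy\/evaluate\/([^/]+)$/;

// Returns alert IDs whose last process-tree-v2 response was 500 and whose
// last graphy/evaluate response was 512.
function findFailedTreeAlerts(har) {
  const byAlert = new Map(); // alertId -> { tree: status, graphy: status }
  const entries = (har && har.log && har.log.entries) || [];
  for (const entry of entries) {
    let path;
    try {
      path = new URL(entry.request.url).pathname; // drops "?" and "?gid=..."
    } catch (err) {
      continue; // entry without a usable request URL
    }
    const tree = TREE_RE.exec(path);
    const match = tree || GRAPHY_RE.exec(path);
    if (!match) continue;
    const rec = byAlert.get(match[1]) || {};
    rec[tree ? "tree" : "graphy"] = entry.response ? entry.response.status : 0;
    byAlert.set(match[1], rec);
  }
  return [...byAlert]
    .filter(([, rec]) => rec.tree === 500 && rec.graphy === 512)
    .map(([alertId]) => alertId);
}

// Constructed sample: alert 1001 fails as on this page, alert 1002 loads normally.
const BASE = "https://edr.example.invalid/fapi";
const get = (url, status) => ({ request: { method: "GET", url }, response: { status } });
const SAMPLE_HAR = { log: { entries: [
  get(`${BASE}/incident/1001/process-tree-v2?`, 500),
  get(`${BASE}/graphy/evaluate/1001?gid=7`, 512),
  get(`${BASE}/incident/1002/process-tree-v2?`, 200),
  get(`${BASE}/graphy/evaluate/1002?gid=7`, 200),
] } };

console.log(findFailedTreeAlerts(SAMPLE_HAR));
```

If an alert was reloaded during the capture, only the last response for each endpoint is considered.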

Resolving The Problem

This behavior is a limitation of the product. The analysis can instead be performed by using the aggregated events collected.

After the analysis is complete, it is recommended to close the alert to reduce the number of events stockpiled on the Hive.

Document Location

Worldwide

Product Synonym

ReaQta

Document Information

Modified date:
09 May 2023

UID

ibm16987771