000039287 - NetWitness ContextHub service stopping while deploying STIX feed

Document created by RSA Customer Support Employee on Sep 11, 2020
Version 1

Article Content

Article Number: 000039287
Applies To:
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Context Hub Service
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
 
Issue: While deploying a STIX feed using Create a STIX Custom Feed, the Context Hub service stops immediately with the error below.

/var/log/netwitness/contexthub-server/contexthub-server.log

2020-08-06 05:13:40,453 [unchMessageListenerContainer-7] ERROR c.r.a.l.e.t.LaunchMessageListenerContainer|Consumer thread error, thread abort.
java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Arrays.java:3332)
at java.lang.AbstractStringBuilder.ensureCapacityInternal(AbstractStringBuilder.java:124)
at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:448)
at java.lang.StringBuilder.append(StringBuilder.java:136)
at com.rsa.asoc.contexthub.enrichment.stix.api.ParseRequest.toString(ParseRequest.java:16)
at java.lang.String.valueOf(String.java:2994)
Cause: This issue occurs because the feed file is larger than 300 MB.
Workaround: Use the workarounds below.
1. Ensure feed contents are <6 months old.
2. Ensure feed file size is below 300 MB.

If the issue persists after applying the workarounds above, decrease the number of parallel threads available for processing STIX:
  • Go to Admin > Services > Context Hub service > View > Explore.
  • In the tree panel, go to enrichment/stix/ config.
  • In the right panel, set the stix-query-scheduler-pool-size field value to 2. By default the value is 5. This setting controls how many threads are allowed to process queries for STIX data at the same time.
  • Set the taxii-poll-scheduler-pool-size field value to 2. By default the value is 5. This setting controls how many threads are allowed to poll TAXII servers at the same time.
  • Restart the Context Hub server.
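
A pre-deployment check for workarounds 1 and 2 above, as an added example that is not part of the original article or of RSA tooling: it reports the feed file's size against the 300 MB limit and counts timestamps older than six months, reading the file in chunks so the check itself never holds the whole feed in memory. It assumes timestamps appear in ISO 8601 form, reads 300 MB as 300 MiB, and approximates six months as 183 days; `check_feed` and its parameters are hypothetical names.

```python
import os
import re
import sys
from datetime import datetime, timedelta, timezone

MAX_BYTES = 300 * 1024 * 1024   # article's 300 MB limit (read here as MiB: assumption)
MAX_AGE = timedelta(days=183)   # "6 months" approximated as 183 days (assumption)
# ISO 8601 date-times, e.g. 2020-08-06T05:13:40 (assumed timestamp form in the feed)
TS_RE = re.compile(rb"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")


def check_feed(path, now=None, max_bytes=MAX_BYTES, max_age=MAX_AGE):
    """Scan a feed file in fixed-size chunks; report size and stale timestamps.

    `now` must be timezone-aware if given; it defaults to the current UTC time.
    """
    cutoff = (now or datetime.now(timezone.utc)) - max_age
    size = os.path.getsize(path)
    total = stale = 0
    oldest = None
    tail = b""
    with open(path, "rb") as fh:
        # Read 1 MiB at a time so even a single-line feed is never fully in memory.
        while chunk := fh.read(1 << 20):
            buf = tail + chunk
            for m in TS_RE.finditer(buf):
                try:
                    ts = datetime.strptime(m.group().decode(), "%Y-%m-%dT%H:%M:%S")
                except ValueError:
                    continue  # digits in timestamp shape but not a real date
                ts = ts.replace(tzinfo=timezone.utc)  # offsets ignored, UTC assumed
                total += 1
                if ts < cutoff:
                    stale += 1
                oldest = ts if oldest is None else min(oldest, ts)
            # Carry 18 bytes (pattern length - 1) so a timestamp split across
            # two chunks is still matched, and never counted twice.
            tail = buf[-18:]
    return {"size": size, "size_ok": size < max_bytes,
            "timestamps": total, "stale": stale, "oldest": oldest}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_feed.py <feed-file>")
    result = check_feed(sys.argv[1])
    print(result)
    sys.exit(0 if result["size_ok"] and result["stale"] == 0 else 1)
```

A non-zero exit status means the file is at or above the size limit or contains at least one timestamp older than the cutoff.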
