jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Widen BU change query window to 60 minutes before anomaly timestamp

Browse Source 
The drift checker runs well before computeAnomalySummary writes to the
anomaly log (20+ minute gap in some syncs). The 10-minute window was
too narrow to capture the BU history records written during drift
checking. Widened to 60 minutes to reliably catch all records from
the same sync cycle.
This commit is contained in:
Jordan Ramos
2026-06-15 09:53:09 -06:00
parent a2234ccc1a
commit e1dfc35400
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
frontend/src/components/pages/AnomalyBanner.js
View File

@@ -247,14 +247,14 @@ export default function AnomalyBanner() {
setBuLoading(true); setBuLoading(true);
setBuExpanded(true); setBuExpanded(true);
try { try {
// Scope to changes detected around this anomaly's sync. // Fetch BU change records relevant to this anomaly.
// The drift checker writes BU history records slightly before the anomaly // Use a generous 60-minute window before sync_timestamp since the drift
// summary is recorded, so use a 10-minute window before sync_timestamp. // checker runs well before the anomaly summary is recorded.
const since = anomaly?.sync_timestamp || ''; const since = anomaly?.sync_timestamp || '';
let url; let url;
if (since) { if (since) {
const sinceDate = new Date(since); const sinceDate = new Date(since);
sinceDate.setMinutes(sinceDate.getMinutes() - 10); sinceDate.setMinutes(sinceDate.getMinutes() - 60);
url = `${API_BASE}/ivanti/findings/bu-changes?since=${encodeURIComponent(sinceDate.toISOString())}`; url = `${API_BASE}/ivanti/findings/bu-changes?since=${encodeURIComponent(sinceDate.toISOString())}`;
} else { } else {
url = `${API_BASE}/ivanti/findings/bu-changes?limit=50`; url = `${API_BASE}/ivanti/findings/bu-changes?limit=50`;