Understand Known Behaviors
The following behaviors are observed in Google SecOps when using the Cyware Intel Exchange integration. These are expected and do not indicate errors in the integration:
In Google SecOps, when time filters are applied on the UDM Dashboard, the results do not match those returned by the UDM Search time filter. Both filters are configured on the same field (graph.metadata.interval.start_time) and use the exact same time range, yet the counts returned are inconsistent.
Newly ingested entities often take additional time to appear on the dashboard. This latency impacts real-time monitoring and reduces the effectiveness of dashboards for time-sensitive investigations.
When filters are applied in Google SecOps dashboards, the drilldown functionality does not work as expected. Specifically, the timeframe displayed in drilldown results differs from the timeframe shown in the filtered results, leading to inconsistencies and misalignment between the two views.
When Cloud Run functions execute for more than 30 minutes, Cloud Scheduler will show a "Failed" status with 504 Gateway Timeout errors. This is expected behavior and does not indicate actual function failure. The Cloud Run function continues execution despite the timeout in Cloud Scheduler.
Example error message:
ERROR <timestamp> [httpRequest.requestMethod:POST] [httpRequest.status: 504] [httpRequest.responseSize: 72 B] [httpRequest.latency:1,799.798 s] [httpRequest.userAgent:Google-Cloud-Scheduler] https://<cloud_function_uri>
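A triage sketch for the 504 behavior described above, added here as an example and not taken from the Cyware or Google documentation: it parses lines in the format of the example error message and separates the expected 30-minute Cloud Scheduler timeout from errors that still need review. The 10-second tolerance, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Matches the bracketed httpRequest.* fields in the example error message format.
FIELD_RE = re.compile(r"\[httpRequest\.(\w+):\s*([^\]]*)\]")

DEADLINE_SECONDS = 30 * 60   # the 30-minute limit described above
TOLERANCE_SECONDS = 10       # assumption: how close to the limit counts as "at the deadline"


def parse_line(line):
    """Return the httpRequest.* fields of one log line, with status and latency as numbers."""
    fields = {key: value.strip() for key, value in FIELD_RE.findall(line)}
    if "status" in fields:
        fields["status"] = int(fields["status"])
    if "latency" in fields:
        # "1,799.798 s" -> 1799.798
        fields["latency"] = float(fields["latency"].rstrip("s").strip().replace(",", ""))
    return fields


def classify(line):
    """Return 'expected_timeout', 'investigate', 'ok' or 'unparsed' for one log line."""
    fields = parse_line(line)
    status = fields.get("status")
    if status is None:
        return "unparsed"
    if status < 400:
        return "ok"
    at_deadline = fields.get("latency", 0.0) >= DEADLINE_SECONDS - TOLERANCE_SECONDS
    from_scheduler = fields.get("userAgent") == "Google-Cloud-Scheduler"
    if status == 504 and at_deadline and from_scheduler:
        return "expected_timeout"
    return "investigate"  # early 504s and every other error are not the known behavior


# Constructed sample lines in the page's format; placeholders stand in for real values.
_PREFIX = "<timestamp> [httpRequest.requestMethod:POST] "
_SUFFIX = " [httpRequest.userAgent:Google-Cloud-Scheduler] https://<cloud_function_uri>"
SAMPLE_LINES = [
    "ERROR " + _PREFIX + "[httpRequest.status: 504] [httpRequest.latency:1,799.798 s]" + _SUFFIX,
    "ERROR " + _PREFIX + "[httpRequest.status: 504] [httpRequest.latency:12.400 s]" + _SUFFIX,
    "ERROR " + _PREFIX + "[httpRequest.status: 500] [httpRequest.latency:3.210 s]" + _SUFFIX,
    "INFO " + _PREFIX + "[httpRequest.status: 200] [httpRequest.latency:845.102 s]" + _SUFFIX,
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample), "<-", sample[:60])
```

An "expected_timeout" result only identifies the Scheduler-side deadline; whether the run itself finished has to be confirmed in the Cloud Run function's own logs.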