Darktrace Adapter #249
Darktrace Adapter #249
Conversation
|
/gcbrun |
maximelb
left a comment
maximelb
left a comment
There was a problem hiding this comment.
Code review comments with suggestions
- Fix silent error loss in submitEvents when Ship() returns non-BufferFull error - Remove duplicate error logging in doRequest for non-200 responses - Use correct context (rootCtx) for USP client initialization - Rename DarkTraceAdapter to DarktraceAdapter for consistent naming - Rename doWithRetry to doRequest (only retries on 429) - Remove trailing whitespace - Add newline at end of file 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This PR is being reviewed by Cursor Bugbot
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
The InitialLookback field intentionally defaults to zero, meaning the adapter starts fetching events from the current moment forward with no historical lookback. This is the desired behavior as adapters run ephemerally and lookback is mainly for manual backfill jobs. Add a comment to document this intentional default behavior. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
|
/gcbrun |
| if len(items) > 0 { | ||
| since[api.Key] = cycleTime.Add(-queryInterval * time.Second) | ||
| allItems = append(allItems, items...) | ||
| } |
There was a problem hiding this comment.
Bug: Query timestamp never advances during quiet periods
The since timestamp is only updated when events are returned (len(items) > 0). During quiet periods with no new events, the since timestamp never advances, causing the query time window to grow indefinitely. Each subsequent poll queries from the original since to the current time, potentially fetching increasingly large time ranges. The timestamp update needs to happen unconditionally after a successful fetch to ensure time progression even when no events are found.
3 participants
Darktrace Adapter
Type of change
Note
Add Darktrace adapter and wire it into config and runner to ingest AI Analyst and Model Breach events.
darktraceadapter (darktrace/client.go): polls AI Analyst and Model Breach endpoints with time-windowed queries, HMAC auth/signing, dedupes via SHA-256 log hashing, handles 429 backoff, and ships events to USP with configurable initial lookback and graceful shutdown.DarktraceConfigincontainers/conf/all.go.darktraceintocontainers/general/tool.goto construct and run the adapter with standard client options.Written by Cursor Bugbot for commit 953e1b5. This will update automatically on new commits. Configure here.