Only 2500 newest submissions get event logs

[fennellkyle]

If track_states=True then the HTTP request to the API has a parameter of limit=2500 with no offset so the response only contains the 2500 newest Bugcrowd submissions. For a large enterprise that now has close to 10000 submissions, there are no events created in Splunk for the older submissions that may take a while to get resolved. Just about anything a year older doesn't create events.

1 solution could be using the offset and loop until all submissions are returned.

[hRun]

Hi Kyle,

I think I was aware of this potential issue when I implemented the add-on but accepted it as at the time the limit was far out of sight (for my own and probably most other companies). On higher limits requests would eventually timeout and no events would be returned altogether. So this was the easiest, admittedly quite dirty solution. I'lll look into your suggested solution which sounds like the way to properly handle this.

Unfortunately I don't have access to a well filled Bugcrowd program anymore. I'll have to see how I can make do with Bugcrowd's test-program API and will hopefully get back to you over the course of next week.

Cheers,
hRun

[fennellkyle]

I have the opposite issue, I have a well filled Bugcrowd program but don't have a local/dev instance of Splunk to test against.
I have worked out the changes, if you want me to submit a pull.

[hRun]

A pull request would be very appreciated. I'll likely have the opportunity to verify and test your proposed changes over the course of next week.