
Status Code 429 "Too Many Requests" from ICDx while integrating with WSS


Article ID: 214726


Products

ICDx Integrated Cyber Defense Exchange

Issue/Introduction

The Integrated Cyber Defense Exchange (ICDx) dashboard shows gaps in log retrieval from the Web Security Service (WSS) collector. Reviewing the logs shows the following:

2021-03-31 09:21:58,559 [scheduled-worker] WARN  com.symantec.swss.WebSecurityServiceModule - Download failed, status code: 429, response: {
"message": "Access to api not allowed for another 54 seconds",
"error": "Too Many Requests",
}. Will retry in 55 seconds

Cause

As the response details state, status code 429 indicates that too many requests are being made. The following quote is from the WSS API documentation:

"Broadcom recommends that customers who create multiple copies of their cloud service archive data use a single download client and multiplex the data after it is downloaded. Thus, the Web Security Service imposes the throttle across all clients of the same customer regardless of client endpoint or API Key."

The above information is from the Web Security Service: Near Real-Time Log Sync Brief found here:

SIEM integration with Web Security Service

As stated above, the WSS API throttles per customer, regardless of separate API keys or connection IPs.

Environment

Release: 1.4

Component: swss_col_dx

Resolution

You must synchronize any connections to the WSS API such that the connections occur at least 5 minutes apart from each other.
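
To measure how long each throttling window in the ICDx log lasted before and after rescheduling, the following added example (not Broadcom or ICDx code) parses 429 records in the format shown under Issue/Introduction and merges back-to-back retries into episodes. Only the first sample record comes from this article; the other records, the INFO line, the function names and the slack_s parameter are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# First record is the one quoted in this article; the other records and the
# INFO line are constructed samples in the same format.
SAMPLE_LOG = """\
2021-03-31 09:21:58,559 [scheduled-worker] WARN  com.symantec.swss.WebSecurityServiceModule - Download failed, status code: 429, response: {
"message": "Access to api not allowed for another 54 seconds",
"error": "Too Many Requests",
}. Will retry in 55 seconds
2021-03-31 09:22:53,601 [scheduled-worker] WARN  com.symantec.swss.WebSecurityServiceModule - Download failed, status code: 429, response: {
"message": "Access to api not allowed for another 240 seconds",
"error": "Too Many Requests",
}. Will retry in 241 seconds
2021-03-31 09:27:00,010 [scheduled-worker] INFO  example.Constructed - unrelated line
2021-03-31 10:05:00,002 [scheduled-worker] WARN  com.symantec.swss.WebSecurityServiceModule - Download failed, status code: 429, response: {
"message": "Access to api not allowed for another 30 seconds",
"error": "Too Many Requests",
}. Will retry in 31 seconds
"""

# One 429 record spans several lines; [^\n] and [^}] keep a match inside one record.
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} [^\n]*"
    r"Download failed, status code: 429, response: \{[^}]*?"
    r"another (?P<wait>\d+) seconds[^}]*\}\. Will retry in (?P<retry>\d+) seconds",
    re.M)

def throttle_events(text):
    """Return (timestamp, wait_s, retry_s) for every 429 record in the log text."""
    return [(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), int(m["wait"]), int(m["retry"]))
            for m in RECORD.finditer(text)]

def episodes(events, slack_s=5):
    """Merge a 429 that arrives on the previous record's retry into one episode.
    Each episode is [first_429, api_allowed_again, count]."""
    out, deadline = [], None
    for ts, wait, retry in events:
        if deadline is not None and ts <= deadline:
            out[-1][1] = ts + timedelta(seconds=wait)  # newest server estimate
            out[-1][2] += 1
        else:
            out.append([ts, ts + timedelta(seconds=wait), 1])
        deadline = ts + timedelta(seconds=retry + slack_s)
    return out

if __name__ == "__main__":
    for start, allowed, count in episodes(throttle_events(SAMPLE_LOG)):
        print(f"{start} -> {allowed}: {count} x 429, gap {(allowed - start).seconds}s")
```

Episodes that keep appearing after the schedules are changed indicate that another client of the same customer is still connecting inside the 5-minute spacing.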