Running the mdr_index_tool produces unexpected output

Article ID: 246108

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When the mdr_index_tool is run with the '--list' and '--limit' options from the CLI of Symantec Endpoint Detection and Response (SEDR), an error similar to the following is produced:

edr> mdr_index_tool --list --limit 100000
2022-07-15 19:56:41,140 INFO mdr_index_tool: running /opt/symantec/sgs-td/cli/sbin/mdr_index_tool.py
2022-07-15 19:56:41,150 ERROR mdr_index_tool: #listIndexesMetaData Error:
2022-07-15 19:56:41,150 ERROR mdr_index_tool: Failed to list mdr inexes
2022-07-15 19:56:41,150 ERROR mdr_index_tool: 'symantecinfra1#symantec-atp#configurations#Ml-X7O1LTZeAG1iFPjHVYA#managed_feature#prtns'
2022-07-15 19:56:41,150 ERROR mdr_index_tool: <type 'exceptions.KeyError'>
2022-07-15 19:56:41,151 ERROR mdr_index_tool: Traceback (most recent call last):
  File "/opt/symantec/sgs-td/cli/sbin/mdr_index_tool.py", line 275, in list_mdr_indexes
    pdata.update(process_db_dump(dbdump, file))
  File "/opt/symantec/sgs-td/cli/sbin/mdr_index_tool.py", line 428, in process_db_dump
    logging.debug("processed_data_size:{}".format(processed[data["id"]]))
KeyError: 'symantecinfra1#symantec-atp#configurations#Ml-X7O1LTZeAG1iFPjHVYA#managed_feature#prtns'

Cause

A logic error in the '--limit' option prevents the option from being used.

Resolution

Broadcom Engineering has resolved this issue in EDR version 4.7.0. Please update to the latest EDR version (4.7.1) at your earliest convenience to receive this fix. If you are unable to upgrade to EDR 4.7.1, please use the workaround steps listed below.

 

Workaround for EDR versions prior to 4.7.0:

As a temporary workaround, use the mdr_index_tool without the '--limit' option.