[Bug] Cortex analysis seems unknown to TheHive

[Passimist]

Work Environment

| Question | Answer
Scalligraph 0.1.0-SNAPSHOT
TheHive 4.0.2-1
Play 2.8.5
CORTEX 3.0.1-1 (OK)

Problem Description

I started the Joesandbox Analyzer for an URL observable. The webinterface never showes the analyzer as finished it still has the spinning symbol:

In TheHive application.log there is following error message, which I have not seen before: (I replaced some unimportant parts with < ANALYZED URL > and < LONG SUCCESSFULL SANDBOX REPORT >

2020-12-21 09:05:06,612 [ERROR] from org.thp.thehive.connector.cortex.services.CortexActor in application-akka.actor.default-dispatcher-20838 [|] CortexActor
received job output OutputJob(AXaEUDHAZ4wuNd9UinAz,13bde680d81e1f88df8cecc486c4e9cf,JoeSandbox_Url_Analysis_2_0,JoeSandbox_Url_Analysis_2_0,Mon Dec 21 09:00
:16 CET 2020,Some(Mon Dec 21 09:00:17 CET 2020),Some(Mon Dec 21 09:05:02 CET 2020),Success,Some(< ANALYZED URL >)None,thehive,url,Some(OutputRe
port(Vector(OutputMinireport(safe,JSB,Report,"0/100")),Some({"signatures":"","startdate":"21/12/2020",< LONG SUCCESSFULL SANDBOX REPORT >, Vector(),None,None)),analyzer) but did not have it in state List(CheckJob(Some(~165
372024),AXaEUFSlZ4wuNd9UinA5,None,LOCAL CORTEX,POST /api/connector/cortex/job), CheckJob(Some(~206475368),AXaEUFDKZ4wuNd9UinA4,None,LOCAL CORTEX,POST /api/co
nnector/cortex/job), CheckJob(Some(~85110872),AXaEUEzAZ4wuNd9UinA3,None,LOCAL CORTEX,POST /api/connector/cortex/job), CheckJob(Some(~165363832),AXaEUEhmZ4wuN
d9UinA2,None,LOCAL CORTEX,POST /api/connector/cortex/job), CheckJob(Some(~124379264),AXaEUDiqZ4wuNd9UinA1,None,LOCAL CORTEX,POST /api/connector/cortex/job),
CheckJob(Some(~124354560),AXaEUDS4Z4wuNd9UinA0,None,LOCAL CORTEX,POST /api/connector/cortex/job), CheckJob(Some(~124477552),AXaET_ABZ4wuNd9UinAn,None,LOCAL CORTEX,POST /api/connector/cortex/job))

In Cortex webinterface it shows the job with the ID AXaEUDHAZ4wuNd9UinAz as successfull.
The Cortex application.log contains this message multiple times:

2020-12-21 09:05:02,620 [INFO] from org.thp.cortex.services.ErrorHandler in application-akka.actor.default-dispatcher-7 - GET /api/job/AXaEUDHAZ4wuNd9UinAz/waitreport?atMost=1%20second returned 500
akka.pattern.AskTimeoutException: Ask timed out on [Actor[akka://application/user/audit#119536714]] after [1000 ms]. Message of type [org.thp.cortex.services.AuditActor$Register]. A typical reason for AskTimeoutException is that the recipient actor didn't send a reply.
at akka.pattern.PromiseActorRef$.$anonfun$defaultOnTimeout$1(AskSupport.scala:635)
at akka.pattern.PromiseActorRef$.$anonfun$apply$1(AskSupport.scala:650)
at akka.actor.Scheduler$$anon$4.run(Scheduler.scala:205)
at scala.concurrent.Future$InternalCallbackExecutor$.unbatchedExecute(Future.scala:874)
at scala.concurrent.BatchingExecutor.execute(BatchingExecutor.scala:113)
at scala.concurrent.BatchingExecutor.execute$(BatchingExecutor.scala:107)
at scala.concurrent.Future$InternalCallbackExecutor$.execute(Future.scala:872)
at akka.actor.LightArrayRevolverScheduler$TaskHolder.executeTask(LightArrayRevolverScheduler.scala:328)
at akka.actor.LightArrayRevolverScheduler$$anon$3.executeBucket$1(LightArrayRevolverScheduler.scala:279)
at akka.actor.LightArrayRevolverScheduler$$anon$3.nextTick(LightArrayRevolverScheduler.scala:283)
at akka.actor.LightArrayRevolverScheduler$$anon$3.run(LightArrayRevolverScheduler.scala:235)
at java.lang.Thread.run(Thread.java:748)

This might be releated to #1718 in some way since I noticed that the observable that was analyzed in thise case has been added to the case twice.

Steps to Reproduce

Sadly I dont know how to reproduce this issue, but it has occurred multiple times for me by now.