FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduce alert fatigue, context switching, and the mean time to respond to incidents.
jankit6
Staff
Article Id 279408
Description This article describes how to troubleshoot and resolve the 'Create/update Alert record failure issue'.
Scope FortiSOAR.
Solution
  • When creating or updating a new Alert record, either manually or through a playbook, the operation may fail with an 'Internal server error' popup in the GUI while the record is still created in the backend.
  • Check the Network logs to identify the API call that fails during record creation.

[Screenshot: Alert create API fails]

 

Prod.log:

 

php.CRITICAL: Uncaught Error: array_values(): Argument #1 ($array) must be of type array, int given {"exception":"[object] (TypeError(code: 0): array_values(): Argument #1 ($array) must be of type array, int given at /opt/cyops-api/src/Serializer/Normalizer/EfficientItemDeNormalizer.php:147)"} []
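
To tie a failed create/update call to this error, the entry above can be parsed for its exception class and source location and counted across the log. This Python script is an added example, not FortiSOAR code or part of the original article; it assumes Monolog-style lines like the one quoted, and the timestamp prefix and the non-critical entries in the sample are constructed.

```python
import json
import re
from collections import Counter

# Monolog-style entry: optional "[timestamp]", then channel.LEVEL: message context extra
LINE_RE = re.compile(
    r'^(?:\[(?P<ts>[^\]]+)\]\s+)?(?P<channel>[\w-]+)\.(?P<level>[A-Z]+):\s+'
    r'(?P<message>.*?)\s+(?P<context>\{.*\}|\[\])\s+(?P<extra>\{.*\}|\[\])\s*$')
# Exception summary in the context: "[object] (Class(code: N): message at file:line)"
EXC_RE = re.compile(
    r'\((?P<cls>[\w\\]+)\(code: -?\d+\): (?P<msg>.*) at (?P<file>\S+):(?P<line>\d+)\)$')

# The prod.log entry quoted in the article, split only for readability.
ARTICLE_LINE = (
    'php.CRITICAL: Uncaught Error: array_values(): Argument #1 ($array) must be '
    'of type array, int given {"exception":"[object] (TypeError(code: 0): '
    'array_values(): Argument #1 ($array) must be of type array, int given at '
    '/opt/cyops-api/src/Serializer/Normalizer/EfficientItemDeNormalizer.php:147)"} []')
# Constructed sample input: the timestamp and the other entries are invented.
SAMPLE_LOG = [
    ARTICLE_LINE,
    '[2024-01-01T10:00:00+00:00] ' + ARTICLE_LINE,
    'app.INFO: Constructed unrelated entry {"id":1} []',
    'truncated or non-matching text',
]

def parse_critical(line):
    """Return a dict for a php.CRITICAL entry that carries an exception, else None."""
    m = LINE_RE.match(line.strip())
    if not m or (m['channel'], m['level']) != ('php', 'CRITICAL'):
        return None
    try:
        context = json.loads(m['context'])
    except json.JSONDecodeError:
        return None
    exc = EXC_RE.search(context.get('exception', '')) if isinstance(context, dict) else None
    if not exc:
        return None
    return {'ts': m['ts'], 'cls': exc['cls'], 'msg': exc['msg'],
            'file': exc['file'], 'line': int(exc['line'])}

def summarize(lines):
    """Count uncaught exceptions per (class, file, line) so repeated failures stand out."""
    hits = filter(None, map(parse_critical, lines))
    return Counter((h['cls'], h['file'], h['line']) for h in hits)

if __name__ == '__main__':
    for (cls, path, lineno), count in summarize(SAMPLE_LOG).most_common():
        print(f'{count}x {cls} at {path}:{lineno}')
```

A count that rises each time the alert is created or updated indicates the same failure is repeating, which fits a playbook condition being evaluated on every trigger.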
 

Steps that can help resolve the issue:

 

  • If record creation fails, review the playbooks that are triggered with the 'On create' step after alert record creation.
  • If record updates fail, review the playbooks that are triggered with the 'On update' step.
  • The playbooks may have incorrect conditions or regex errors that cause problems.
  • Occasionally, this issue may occur due to an inconsistent UUID of the module. Try removing the condition and adding it back.
  • Additionally, a condition that uses the Like / contains and Equal operators with a value containing a special character could cause an issue.
  • If the issue persists, try deactivating the playbook and then testing again.