
FAQ and Common Issues

Use this page to quickly diagnose and resolve common AuroraSOC user-facing problems.

Before You Troubleshoot

Check these first:

  1. Are you logged in with the correct role?
  2. Is the API reachable at http://localhost:8000?
  3. Is the dashboard reachable at http://localhost:3000?
  4. Are required backend services healthy?

Login and Access Issues

Symptom: Login fails with unauthorized error

Possible causes:

  • Wrong credentials
  • Expired token/session
  • Misconfigured environment secret values

What to do:

  1. Retry login and verify username/password.
  2. Log out and log in again to refresh the token.
  3. Ask an admin to verify your role and account status.

Symptom: I cannot see pages other users can see

Possible cause: role-based permissions differ.

What to do:

  1. Check Role-Based Access.
  2. Request the required role/permission from an admin.

Data and Refresh Issues

Symptom: Dashboard cards do not update

Possible causes:

  • API call failure
  • WebSocket disconnected
  • Upstream service lag

What to do:

  1. Refresh the browser once.
  2. Confirm the API health endpoint responds.
  3. Confirm the alerts stream is receiving events.

Symptom: Alerts appear duplicated

Possible cause: source systems sending near-identical events across channels.

What to do:

  1. Check the dedup hash fields in the alert detail.
  2. Group by source and timestamp to verify true duplicates.
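The grouping check above, as an added example that is not part of AuroraSOC: it clusters exported alerts by source and a short time window, then separates alerts that share a dedup hash (true duplicates) from alerts that only arrived close together. The field names (id, source, channel, timestamp, dedup_hash), the 5-second window, and the sample data are assumptions; map them to the fields shown in your alert detail view.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts; every field name and value here is an assumption.
ALERTS = [
    {"id": "a1", "source": "edr-01", "channel": "syslog",
     "timestamp": "2024-05-01T10:00:00+00:00", "dedup_hash": "h1"},
    {"id": "a2", "source": "edr-01", "channel": "webhook",
     "timestamp": "2024-05-01T10:00:02+00:00", "dedup_hash": "h1"},
    {"id": "a3", "source": "edr-01", "channel": "syslog",
     "timestamp": "2024-05-01T10:00:03+00:00", "dedup_hash": "h2"},
    {"id": "a4", "source": "fw-02", "channel": "syslog",
     "timestamp": "2024-05-01T10:00:01+00:00", "dedup_hash": "h1"},
    {"id": "a5", "source": "edr-01", "channel": "syslog",
     "timestamp": "2024-05-01T10:05:00+00:00", "dedup_hash": "h1"},
]

def classify_duplicates(alerts, window_seconds=5):
    """Group by source, cluster by time window, then compare dedup hashes."""
    by_source = defaultdict(list)
    for alert in alerts:
        ts = datetime.fromisoformat(alert["timestamp"])
        by_source[alert["source"]].append((ts, alert))
    report = []
    for source, items in sorted(by_source.items()):
        items.sort(key=lambda pair: pair[0])
        clusters, current = [], [items[0]]
        for ts, alert in items[1:]:
            # Same cluster while within the window of the cluster's first alert.
            if (ts - current[0][0]).total_seconds() <= window_seconds:
                current.append((ts, alert))
            else:
                clusters.append(current)
                current = [(ts, alert)]
        clusters.append(current)
        for cluster in clusters:
            if len(cluster) < 2:
                continue  # a lone alert cannot be a duplicate
            by_hash = defaultdict(list)
            for _, alert in cluster:
                by_hash[alert["dedup_hash"]].append(alert["id"])
            report.append({
                "source": source,
                "true_duplicates": [ids for ids in by_hash.values() if len(ids) > 1],
                "distinct_events": [ids[0] for ids in by_hash.values() if len(ids) == 1],
            })
    return report

if __name__ == "__main__":
    for row in classify_duplicates(ALERTS):
        print(row)
```

Alerts listed under distinct_events arrived close together but carry different hashes, so they are separate events rather than duplicates.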

Investigation and Response Issues

Symptom: Investigation stays pending too long

Possible causes:

  • Worker queue backlog
  • Agent endpoint timeout
  • Dependency degradation

What to do:

  1. Check worker and agent service health.
  2. Retry the investigation once the backlog clears.
  3. Escalate to a platform engineer if the problem persists.

Symptom: Playbook execution blocked

Possible causes:

  • Missing permission
  • Approval required
  • Playbook disabled

What to do:

  1. Verify your permissions and role.
  2. Check approvals queue and request status.
  3. Confirm the selected playbook is enabled.

CPS/IoT-Specific Issues

Symptom: Device shows untrusted attestation

What to do:

  1. Open the device details in CPS/IoT Devices.
  2. Compare the firmware version/hash with the expected baseline.
  3. Escalate and isolate the device if policy requires.

Symptom: Physical-cyber correlation seems missing

What to do:

  1. Check the correlation view and its time window.
  2. Confirm both cyber and physical signals are present for the same period.

Frequently Asked Questions

Is AuroraSOC safe to use in production exactly as-is?

AuroraSOC includes strong production-oriented controls, but review the deployment hardening guidance before a full production rollout.

Can I run only part of the platform?

Yes. You can run the core API and dashboard flows first, then progressively enable agents and advanced integrations.

Where do I find engineering-level diagnostics?

See Developer Monitoring and Developer Error Handling.

Escalation Matrix

| Severity | Example Condition | Escalate To | Target Response |
|----------|-------------------|-------------|-----------------|
| Low | UI rendering issue without data impact | SOC operator lead | Same business day |
| Medium | Delayed investigation results | Platform engineer on-call | Within 2 hours |
| High | Playbook execution blocked during active case | Security engineering lead | Within 30 minutes |
| Critical | Widespread auth failures or API outage | Incident commander / SRE | Immediate |

Data to Capture Before Escalation

Collect these details before opening an escalation ticket:

  1. Timestamp and timezone of the issue occurrence
  2. User role and affected page/API endpoint
  3. Request ID or trace ID (if available)
  4. Screenshot/error message and reproduction steps
  5. Whether the issue is reproducible or intermittent