Troubleshooting
Solutions to the most common BrainPredict Cyber deployment and operational issues.
Common Issues
Connector authentication fails
Symptoms: 401 Unauthorized from the SIEM API
- OAuth token expired (default TTL 3600s)
- Client secret rotated in identity provider
- Insufficient API permissions on the service principal
Re-generate credentials in the SIEM portal and update the connector via client.update_connector(connector_id, client_secret="NEW_SECRET")
Alert storm — high volume of low-severity alerts
Symptoms: SOC queue > 10,000 alerts / hour
- Threshold too low (default 50 — increase to 70)
- Vulnerability scanner not whitelisted
- Noisy data source recently onboarded
POST /api/v1/config/thresholds { "min_score": 70 } — verify with GET /api/v1/soc/queue?limit=5
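Before raising min_score, it helps to check which of the three causes above accounts for the volume. The following is an added example, not BrainPredict Cyber code: it classifies a constructed sample of queue entries, and the field names (score, source, src_ip), the scanner address and the 50% share cut-off are assumptions.

```python
from collections import Counter

# Constructed sample of SOC queue entries. The field names (score, source,
# src_ip) are assumptions, not the documented BrainPredict Cyber schema.
SAMPLE_ALERTS = [
    {"score": 52, "source": "netflow", "src_ip": "10.0.9.15"},
    {"score": 55, "source": "netflow", "src_ip": "10.0.9.15"},
    {"score": 61, "source": "netflow", "src_ip": "10.0.9.15"},
    {"score": 58, "source": "netflow", "src_ip": "10.0.4.7"},
    {"score": 64, "source": "netflow", "src_ip": "10.0.4.8"},
    {"score": 66, "source": "new-proxy", "src_ip": "10.0.3.3"},
    {"score": 72, "source": "edr", "src_ip": "10.0.2.2"},
    {"score": 91, "source": "edr", "src_ip": "10.0.2.9"},
    {"score": 68, "source": "netflow", "src_ip": "10.0.4.9"},
    {"score": 75, "source": "netflow", "src_ip": "10.0.9.15"},
]
SCANNER_IPS = {"10.0.9.15"}  # constructed: the vulnerability scanner's address


def diagnose_storm(alerts, scanner_ips, current=50, proposed=70, share=0.5):
    """Attribute queued alerts to the three causes listed above."""
    queued = [a for a in alerts if a["score"] >= current]
    if not queued:
        return {"queued": 0, "causes": []}
    low = [a for a in queued if a["score"] < proposed]
    scanner = [a for a in queued if a["src_ip"] in scanner_ips]
    top_source, top_count = Counter(a["source"] for a in queued).most_common(1)[0]
    # Alerts left after raising the threshold and excluding the scanner.
    remaining = [a for a in queued
                 if a["score"] >= proposed and a["src_ip"] not in scanner_ips]
    causes = []
    if len(low) / len(queued) >= share:
        causes.append("threshold_too_low")
    if scanner:
        causes.append("scanner_not_whitelisted")
    if top_count / len(queued) >= share:
        causes.append("noisy_source:" + top_source)
    return {
        "queued": len(queued),
        "below_proposed": len(low),
        "from_scanner": len(scanner),
        "top_source": top_source,
        "remaining": len(remaining),
        "causes": causes,
    }


if __name__ == "__main__":
    print(diagnose_storm(SAMPLE_ALERTS, SCANNER_IPS))
```

If most of the volume traces to the scanner or to a single source, raising min_score alone also hides unrelated alerts that score between 50 and 70.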
Model drift detected
Symptoms: /api/v1/models/health returns drift_score > 0.15
- New attack patterns not in training data
- Environment change (new cloud region, new CIDR)
- SIEM schema change causing feature shift
Trigger retraining: POST /api/v1/models/{model_id}/retrain — completes in 4–6 hours