
CrowdstrikeFalconAPISentinelConnector is ignoring secondary events

Open ZLT-ops opened this issue 3 years ago • 6 comments

Describe the bug: CrowdstrikeFalconAPISentinelConnector is ignoring the secondary events that it pulls from the SQS URL

To Reproduce Steps to reproduce the behavior:

  1. Enable the integration between CrowdStrike and Sentinel using the ContentHub
  2. Input all the necessary fields
  3. Go to the function app in Azure
  4. See the Monitor

Expected behavior: All the events should be in Sentinel, not just the raw events from the data file.

Screenshots: (screenshots attached to the original issue, including "Screen Shot 2022-02-08 at 10 24 10 AM"; images not reproduced here)

Desktop (please complete the following information):

  • OS: MacOS
  • Browser: Chrome

ZLT-ops avatar Feb 08 '22 18:02 ZLT-ops

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Feb 08 '22 18:02 github-actions[bot]

Maybe it's because the Logsource has more than 500 properties; that is just speculation.

ZLT-ops avatar Feb 09 '22 00:02 ZLT-ops
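The speculation above is worth checking before ingestion: a Log Analytics table is limited to 500 columns, so a connector that maps every event property to a column can silently lose events whose property set pushes a table past that limit. The script below is an added example, not code from the Azure Sentinel repo or the CrowdStrike connector. It flattens a batch of JSON events into dotted property paths, counts the distinct paths overall and per event type, and flags the batch when it exceeds the limit. The `event_simpleName` type field, the `SAMPLE_EVENTS` batch and the "WideInventory" event are constructed assumptions for illustration.

```python
import json
from collections.abc import Mapping

# Azure Monitor limit on the number of columns in a Log Analytics table.
LOG_ANALYTICS_COLUMN_LIMIT = 500

# Assumed name of the field that identifies the event type (constructed for this example).
TYPE_FIELD = "event_simpleName"

# Constructed sample batch: two small events plus one deliberately "wide" record
# that mimics a secondary/inventory event carrying hundreds of attributes.
SAMPLE_EVENTS = [
    {"event_simpleName": "ProcessRollup2", "aid": "a1",
     "ImageFileName": "x.exe", "CommandLine": "x"},
    {"event_simpleName": "DnsRequest", "aid": "a1", "DomainName": "example.com"},
    {"event_simpleName": "WideInventory", "aid": "a1",
     "attrs": {f"field_{i}": i for i in range(520)}},
]


def flatten(event, prefix=""):
    """Yield a dotted key path for every leaf value in a (possibly nested) JSON object."""
    for key, value in event.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, Mapping):
            yield from flatten(value, path)
        else:
            yield path


def property_report(events, limit=LOG_ANALYTICS_COLUMN_LIMIT, type_field=TYPE_FIELD):
    """Summarise distinct property paths across a batch and flag a column-limit breach."""
    all_keys = set()
    keys_by_type = {}
    for event in events:
        keys = set(flatten(event))
        all_keys |= keys
        event_type = event.get(type_field, "<unknown>")
        keys_by_type.setdefault(event_type, set()).update(keys)
    return {
        "distinct_properties": len(all_keys),
        "limit": limit,
        "exceeds_limit": len(all_keys) > limit,
        # Per-type counts show which event types contribute the most columns.
        "properties_by_type": {t: len(k) for t, k in keys_by_type.items()},
    }


def load_jsonl(lines):
    """Parse newline-delimited JSON (one event per line), skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


if __name__ == "__main__":
    print(json.dumps(property_report(SAMPLE_EVENTS), indent=2))
```

Running the script on the constructed batch reports 525 distinct properties and `exceeds_limit: true`, with the "WideInventory" type alone accounting for 522 of them; feeding real exported events through `load_jsonl` gives a quick answer to whether a table is at risk of hitting the limit.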

@ZLT-ops: This seems to be a very old problem, and this connector may have already had numerous updates. Can you please check if your problem has been solved? Thanks!!

v-rucdu avatar Jan 06 '23 10:01 v-rucdu

@ZLT-ops As per previous comment closing this issue. Feel free to reopen the issue if you need more assistance. Thanks!

v-amolpatil avatar Feb 08 '23 17:02 v-amolpatil