Azure-Sentinel icon indicating copy to clipboard operation
Azure-Sentinel copied to clipboard
verified publisher icon Azure

could not receive logs after configuring Tenable.io Vulnerability Management (Preview)

Open IDCheryl opened this issue 3 years ago • 6 comments

Describe the bug After creating Tenableio in Content hub, then deployed ARM for Data connector: Tenable.io Vulnerability Management (Preview) waiting more than 48hours, no data could be received

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Content hub' >> search Tenable, create Tenable solution
  2. Click on 'Data connector' >> search "Tenable.io Vulnerability Management (Preview)" >> choose Azure Resource Manager (ARM) Template to deploy function app with workspace ID& key and TenableAccessKey and TenableSecretKey
  3. After waiting 48hours, go to logs and query "Tenable_IO_Assets_CL"
  4. See error

image

Expected behavior Logs should be received after configuring data connector

Screenshots If applicable, add screenshots to help explain your problem. image

IDCheryl avatar May 31 '22 14:05 IDCheryl

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar May 31 '22 14:05 github-actions[bot]

@IDCheryl did you ran parser after deployed solution?

dneto82 avatar Jun 02 '22 21:06 dneto82

Hello @dneto82 , I have not yet ran parser. I'm trying to query Tenable_IO_Assets_CL this original data type, no data returned. Below is the error message I found, could you please suggest what the problem and how can i address it? error

IDCheryl avatar Jun 03 '22 00:06 IDCheryl

Hello @dneto82

Tenant permission has been updated to administrator now, and i could observe the Tenable_IO_Assets_CL logs now.

However I could still not observe any Tenable_IO_Vulns_CL logs. I have checked the function app. Success timestamp already exists.

Error message attached. vul

and I've seen someone commented for this solution as well, I've encounter just the same issue here. comments

i could see the assest data ingested but no vuln data. Please kindly help fix

IDCheryl avatar Jun 03 '22 03:06 IDCheryl

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Jan 10 '23 12:01 github-actions[bot]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Jan 10 '23 12:01 github-actions[bot]

Hi @IDCheryl, thank you for flagging this. Apologies for the delayed response. If you still need assistance, please reply here within 5 business days.

v-amolpatil avatar Jan 20 '23 08:01 v-amolpatil

Since we have not received a response in the last 5 days, we are closing your issue #5174 as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.

v-amolpatil avatar Jan 31 '23 13:01 v-amolpatil

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Jan 31 '23 13:01 github-actions[bot]