Sysmon Parser - 'extend' operator: Failed to resolve scalar expression named '["@Name"]'.

Open ETMRidge opened this issue 2 years ago • 5 comments

Describe the bug: Using the Sysmon Parser (https://github.com/Azure/Azure-Sentinel/blob/master/Parsers/Sysmon/Sysmon-AllVersions_Parser.txt) to create an analytics rule, you are presented with the error: 'extend' operator: Failed to resolve scalar expression named '["@Name"]'.

To Reproduce Steps to reproduce the behavior:

  1. Create the following query in Azure Sentinel as a scheduled analytics rule: image
  2. This will present the error.

Expected behavior: No error should occur.

Screenshots image

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Firefox
  • Version: 102.0

ETMRidge Jul 06 '22 09:07

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] Jul 06 '22 09:07

Just to link a similar issue I found raised last year: https://github.com/Azure/Azure-Sentinel/issues/2200

ETMRidge Jul 06 '22 10:07

We are still seeing this problem. Any plans to resolve?

WoodellJ Sep 12 '22 19:09

@WoodellJ: We merged the PR. Could you please let us know if you are still facing the issue?

v-spadarthi Oct 10 '22 08:10

@WoodellJ: We merged the PR. Could you please let us know if you are still facing the issue or if the issue got resolved?

v-spadarthi Oct 25 '22 08:10

Hi @WoodellJ, we are closing this issue as it's already addressed and we are not seeing this issue anymore. Please find the below screenshot for your reference. Please feel free to reopen if you need any further assistance on this. image Thanks

v-mchatla Jan 09 '23 06:01
