Azure-Sentinel icon indicating copy to clipboard operation
Azure-Sentinel copied to clipboard

Published 20 hours ago verified publisher icon Azure

Salesforce connector - Azure Function Select query from Salesforce env is not working

Open inbalsilis opened this issue 2 years ago • 3 comments

Describe the bug TimerInterval set by default as hourly, The Azure Function have condition: if interval == 'hourly': query = "/services/data/v44.0/query?q=SELECT+Id+,+EventType+,+Interval+,+LogDate+,+LogFile+,+LogFileLength" +
"+FROM+EventLogFile" +
f"+WHERE+Interval+=+'Hourly'+and+CreatedDate+>+{past_time}"

elif interval == 'daily':
    query = "/services/data/v44.0/query?q=SELECT+Id+,+CreatedDate+,+EventType+,+LogDate+,+LogFile+,+LogFileLength" + \
            "+FROM+EventLogFile" + \
            f"+WHERE+LogDate+>+{past_time}"

The salesforce env doesnt have Interval, so the Select with the interval==hourly not working and we get error back. When we changed the TimerInterval to daily, the select worked, and the Azure Function return success. Please note, the same connector with Salesforce Dev env, and hourly interval: worked. Please note, the same connector with Salesforce Enterprise/Prod env, and hourly interval: didnt worked.

To Reproduce Steps to reproduce the behavior:

  1. Go to Sentinel -> Connectors -> Salesforce and install Salesforce connector (remain with default setup)
  2. Go to Azure Functions-> Functions -> SalesforceSentinelConnector -> Monitor -> and check the status of the calls
  3. If error 400 exits, with sytext: File list getting failed
  4. Go to Function->Configuration-> Application Settings-> check the status of timeIntervl

Expected behavior The Function will connect without errors

Screenshots If applicable, add screenshots to help explain your problem. a7117f42-28bb-477f-8fb4-43ee1bdc834b

b3dea169-bcd9-4cc8-b66b-3492ecae5be3

Additional context Add any other context about the problem here. e7ec9c6e-274f-4db6-82e4-570d4bbba36b 4c3d91e8-e92b-42bc-962d-57cec611003d

inbalsilis avatar Aug 16 '22 10:08 inbalsilis

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Aug 16 '22 10:08 github-actions[bot]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 07 '22 20:10 github-actions[bot]

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 07 '22 20:10 github-actions[bot]