Anomaly "Suspicious volume of AWS write API calls from a user account" title has a trailing space

Open ep3p opened this issue 2 years ago • 4 comments

Describe the bug

In the Anomalies table, the events of the rule "Suspicious volume of AWS write API calls from a user account" in the column RuleName have a trailing space.

To Reproduce

Steps to reproduce the behavior:

  1. Go to a LogAnalytics workspace with the Anomalies table, and some generated events of the Anomaly rule "Suspicious volume of AWS write API calls from a user account"
  2. Run

     ```
     Anomalies
     | where RuleName endswith "Suspicious volume of AWS write API calls from a user account "
     ```

  3. Observe the returned events of the mentioned rule.
  4. Run

     ```
     Anomalies
     | where RuleName endswith "Suspicious volume of AWS write API calls from a user account"
     ```

  5. Observe the previous events do not appear.

Expected behavior

The second query with no events should return events.

ep3p avatar Oct 20 '22 06:10 ep3p
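
An added example, not part of the issue or of the Azure-Sentinel repository: a query that audits the Anomalies table for RuleName values carrying leading or trailing whitespace, so that filters written against the clean name are not silently missing events. The 30-day lookback and the output column names are assumptions.

```kusto
// Added example: find RuleName values that differ from their trimmed form.
let target = "Suspicious volume of AWS write API calls from a user account";
Anomalies
| where TimeGenerated > ago(30d)                    // assumed lookback window
| summarize Events = count(), LastSeen = max(TimeGenerated) by RuleName
// trim() strips the regex match from both ends of the string
| extend Normalized = trim(@"\s+", RuleName)
| extend Padded = (RuleName != Normalized)
| extend PaddingLength = strlen(RuleName) - strlen(Normalized)
// Brackets make invisible padding visible in the results grid
| extend Visible = strcat("[", RuleName, "]")
// Compare on the normalized name so the rule from the report is always listed
| extend MatchesTarget = (Normalized =~ target)
| where Padded or MatchesTarget
| project Visible, Padded, PaddingLength, MatchesTarget, Events, LastSeen
| order by Padded desc, Events desc
```

Filtering on the trimmed value, as the `Normalized` column does here, matches the rule whether or not the stored name is padded.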

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 20 '22 06:10 github-actions[bot]

Hi @ep3p, are you still facing this issue? Please confirm, thanks!

v-vdixit avatar May 05 '23 04:05 v-vdixit

Sorry @v-dixit, I can't diagnose if this issue is still happening, because I have not received any event of this Anomaly type for a long time. The only way to know if this issue was resolved would be to question the Anomaly team at Sentinel. This issue should be something that has happened in every Sentinel workspace.

ep3p avatar May 07 '23 18:05 ep3p

@ep3p thanks for your update. We will connect with the Anomaly team and update you, thanks!

v-vdixit avatar May 29 '23 11:05 v-vdixit

Hi @ep3p, we are discussing this and will update you shortly, thanks for your patience.

v-vdixit avatar Jun 09 '23 05:06 v-vdixit

Hi @ep3p, we are working on this and will provide you an update by the end of this week, thanks!

v-vdixit avatar Jun 19 '23 07:06 v-vdixit

Hi @ep3p, we are working with the concerned team and will update you before the end of this week, thanks!

v-vdixit avatar Jul 03 '23 07:07 v-vdixit

Hi @ep3p, we are unable to find an instance where the rule name has a trailing space. Can you please confirm if this issue can be closed? We will keep an eye out for this error, thanks!

v-vdixit avatar Jul 10 '23 09:07 v-vdixit

@v-vdixit then we should assume this issue has been fixed by the Sentinel team. Please, you could consider this issue solved and closed.

ep3p avatar Jul 10 '23 09:07 ep3p

Thank you very much to everyone.

ep3p avatar Jul 10 '23 09:07 ep3p
