
Azure Devops Pull Request Bypass does not mention pull request

Open hazcod opened this issue 2 years ago • 5 comments

Is your feature request related to a problem? Please describe.

The current rule that triggers an incident in Sentinel when the Microsoft Azure DevOps audit log mentions a pull request bypass does not mention the pull request itself in the entities list, only the user.

Describe the solution you'd like

The pull request URL to be mentioned in the entities.

hazcod avatar Oct 28 '22 05:10 hazcod

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Oct 28 '22 05:10 github-actions[bot]


Hello hazcod, can you please elaborate on the issue you are facing?

v-prasadboke avatar Dec 16 '22 09:12 v-prasadboke

The incident created for this rule does not have the actual link to the pull request in the entities.

hazcod avatar Dec 16 '22 09:12 hazcod


@hazcod Could you please specify which analytic rule you are talking about? Also, could you please provide us a screenshot of the error if available, so that it will help us to investigate more. Thanks!

v-amolpatil avatar Feb 03 '23 10:02 v-amolpatil

@v-amolpatil : Azure DevOps Pull Request Policy Bypassing. This rule detection never mentions the pull request title as an entity.

hazcod avatar Feb 03 '23 10:02 hazcod

Hi @hazcod, we have deployed the latest version with the change, and it is available in the Marketplace. Hence closing the issue. Feel free to reopen if you need any assistance.

v-amolpatil avatar Mar 02 '23 09:03 v-amolpatil
