
Enrich-SentinelIncident-MDATPTVM

Open noapocalypse opened this issue 2 years ago • 2 comments

Enrich-SentinelIncident-MDATPTVM

I believe the field names have changed for the Alert - Get Incident task.

Which means that, on running the playbook, it attempts to query a path that looks something like the one below:

"/Cases///7a441234-b23c-4d88-e123-f123g123hi2j/"

And subsequently errors out with a 404

noapocalypse avatar Apr 21 '23 13:04 noapocalypse

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Apr 21 '23 13:04 github-actions[bot]

Looking through the playbook in more detail, it's doing a number of things that have been replaced with easier methods,

such as calling the old V2 Sentinel Incident Comment tasks, referring to non-existent variables and using an old schema.

I'd recommend the whole playbook needs a rebuild. https://github.com/Azure/Azure-Sentinel/pull/7906 I've created a pull request with a version I believe resolves the issues.

@v-vdixit @v-rbajaj Feel free to check it out and see if it helps.

noapocalypse avatar Apr 24 '23 09:04 noapocalypse
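The two defects described in the comments above (an incident path whose segments resolve empty, giving "/Cases///<id>/" and a 404, and `@variables()` references that no action ever initializes) are both catchable before a run by statically auditing the exported Logic App workflow definition. The script below is an added example, not the repository's playbook and not code from any participant in this thread. `SAMPLE_WORKFLOW` is a constructed fragment that mimics the defects, `KNOWN_FIELDS` is a hypothetical stand-in for the trigger schema (the real Sentinel connector path and trigger body are not reproduced here), and the function names are mine.

```python
"""Static audit of a Logic Apps playbook definition for two defect classes:
path segments built from trigger fields that no longer exist (resolving to
"/Cases///<id>/" and a 404) and @variables() references that no
InitializeVariable action declares.

Added example, not the repository's playbook. SAMPLE_WORKFLOW and KNOWN_FIELDS
are constructed / hypothetical; the real connector path and trigger schema are
not reproduced here.
"""
import json
import re
from typing import Any
from urllib.parse import quote

# Constructed workflow fragment (hypothetical) that mimics both defects.
SAMPLE_WORKFLOW: dict[str, Any] = {
    "definition": {
        "actions": {
            "Initialize_Tags": {
                "type": "InitializeVariable",
                "inputs": {"variables": [{"name": "Tags", "type": "array", "value": []}]},
            },
            # Reads 'Severity', which nothing initializes.
            "Append_Severity": {
                "type": "AppendToArrayVariable",
                "inputs": {"name": "Tags", "value": "@variables('Severity')"},
            },
            # Builds the incident path from trigger fields; two of them are
            # absent from the (hypothetical) current schema and resolve empty.
            "Get_incident": {
                "type": "ApiConnection",
                "inputs": {
                    "method": "get",
                    "path": "/Cases/@{encodeURIComponent(triggerBody()?['WorkspaceSubscriptionId'])}"
                            "/@{encodeURIComponent(triggerBody()?['WorkspaceResourceGroup'])}"
                            "/@{encodeURIComponent(triggerBody()?['SystemAlertId'])}",
                },
            },
        }
    }
}

# Hypothetical set of fields the current trigger body exposes (assumption).
KNOWN_FIELDS = {"SystemAlertId"}

VARIABLE_REF = re.compile(r"variables\('([^']+)'\)")
TRIGGER_FIELD = re.compile(r"triggerBody\(\)\?\['([^']+)'\]")
# Action types that name their target variable in inputs.name.
VARIABLE_WRITERS = {"SetVariable", "AppendToArrayVariable", "AppendToStringVariable",
                    "IncrementVariable", "DecrementVariable"}


def actions(workflow: dict[str, Any]) -> dict[str, Any]:
    return workflow["definition"]["actions"]


def undefined_variable_refs(workflow: dict[str, Any]) -> list[str]:
    """Variables read or written anywhere but never declared by InitializeVariable."""
    declared: set[str] = set()
    referenced: set[str] = set()
    for action in actions(workflow).values():
        if action.get("type") == "InitializeVariable":
            declared.update(v["name"] for v in action["inputs"]["variables"])
        elif action.get("type") in VARIABLE_WRITERS:
            referenced.add(action["inputs"]["name"])
        # Serialize the whole action so nested expressions are searched too.
        referenced.update(VARIABLE_REF.findall(json.dumps(action)))
    return sorted(referenced - declared)


def unknown_trigger_fields(workflow: dict[str, Any], known_fields: set[str]) -> dict[str, list[str]]:
    """Map action name -> trigger-body fields it reads that the schema does not expose."""
    result: dict[str, list[str]] = {}
    for name, action in actions(workflow).items():
        bad = sorted(set(TRIGGER_FIELD.findall(json.dumps(action))) - known_fields)
        if bad:
            result[name] = bad
    return result


def empty_path_segments(path: str) -> list[int]:
    """0-based positions of empty segments: '/Cases///<id>/' -> [1, 2]."""
    segments = path.strip("/").split("/")
    return [i for i, s in enumerate(segments) if s == ""]


def join_path(*parts: str) -> str:
    """Build an API path, refusing empty segments instead of emitting '//'."""
    missing = [i for i, p in enumerate(parts) if not p]
    if missing:
        raise ValueError(f"empty path segment(s) at positions {missing}")
    return "/" + "/".join(quote(p, safe="") for p in parts)


if __name__ == "__main__":
    print("undefined variables:", undefined_variable_refs(SAMPLE_WORKFLOW))
    print("unknown trigger fields:", unknown_trigger_fields(SAMPLE_WORKFLOW, KNOWN_FIELDS))
    print("empty segments:", empty_path_segments("/Cases///00000000-0000-0000-0000-000000000000/"))
```

Run it against a real exported definition by loading the JSON into the `workflow` argument; the regexes deliberately scan the serialized action so references buried inside `concat(...)` or `@{...}` interpolations are found as well, which is where a hand-built incident path usually hides the field that went missing.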

Hi @noapocalypse, Thanks for flagging this. Will take a look at the PR and let you know!

v-rbajaj avatar May 12 '23 04:05 v-rbajaj

Hi @noapocalypse we are reviewing the PR, thanks!

v-vdixit avatar Jun 05 '23 08:06 v-vdixit

Hi @noapocalypse the PR is under review by the team, will update changes in PR, thanks!

v-vdixit avatar Jul 03 '23 09:07 v-vdixit

Hi @noapocalypse we are checking with the concerned team, will update you shortly, thanks!

v-vdixit avatar Jul 12 '23 10:07 v-vdixit

Internal team is working on this and checking further.

v-rbajaj avatar Jul 14 '23 08:07 v-rbajaj

We are waiting to hear back from concerned team, thanks!

v-vdixit avatar Jul 17 '23 12:07 v-vdixit

We are still waiting to hear back from the concerned team, thanks!

v-vdixit avatar Jul 19 '23 11:07 v-vdixit

Hi @noapocalypse, you will receive a final update on this issue by 25th July, 2023.

v-rbajaj avatar Jul 21 '23 08:07 v-rbajaj

Since the closed PR has many bugs that can't be pushed, a new PR for this playbook will be raised soon.

v-rbajaj avatar Jul 25 '23 11:07 v-rbajaj

We are working on this and having a discussion internally about it.

v-rbajaj avatar Jul 27 '23 10:07 v-rbajaj

We are working on this and having a discussion internally about it.

v-rbajaj avatar Jul 31 '23 08:07 v-rbajaj

@manishkumar1991 @v-rbajaj the playbook can be released, since this is being published as an individual Sentinel Playbook and not being included as part of the MDTI-Sentinel Content hub Solution.

ajkallur avatar Aug 01 '23 02:08 ajkallur

We are having an internal discussion on this issue.

v-rbajaj avatar Aug 04 '23 12:08 v-rbajaj

Waiting for update from the respective team.

v-rbajaj avatar Aug 16 '23 12:08 v-rbajaj

Hi all, we have raised a backlog item for this playbook and will discuss and update according to the discussions there.

v-rbajaj avatar Aug 29 '23 07:08 v-rbajaj