Azure-Sentinel
Microsoft Exchange Security Review - Online workbook fails with "The name 'ESIEnvirnonment_s' does not refer to any known column, table or function"
Describe the bug
Both the "Microsoft Exchange Security Review - Online" and "Microsoft Exchange Least Privilege with RBAC - Online" workbooks of the solution "Microsoft Exchange Security for Exchange Online" fail with "The name 'ESIEnvirnonment_s' does not refer to any known column, table or function"
To Reproduce
Steps to reproduce the behavior: Installed the solution and set up the requirements. The runbook "Start-ESICollector" job runs without errors.
When I load the function ExchangeEnvironmentList it does not know about "ESIEnvironment_s"
The table ESIExchangeOnlineConfig_CL does not contain a column "ESIEnvironment_s"
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @MatthiasScharl, thanks for flagging this issue. We will investigate this issue and get back to you with some updates by 18Jan24. Thanks!
Hi @MatthiasScharl, I am still working on replicating the issue as there are dependencies, so checking on it. If needed, we can have a Teams meeting for issue troubleshooting.
Hi @MatthiasScharl, as discussed over Teams, blocked your time tomorrow for a discussion on this issue as I have queries. Please join the meeting.
Hi @v-muuppugund, I did not receive any communications from you via Teams. Not sure whom you have talked to.
Hi @MatthiasScharl, apologies for the delayed response. Could you please follow the steps below:
1. Open the Log Analytics workspace used in the automation account --> navigate under Settings -> Tables -> check whether the table, i.e. ESIExchangeOnlineConfig_CL, is a Custom table or Custom (classic). It should be a Custom (classic) table, then it is not editable; if it is a Custom table, we can edit the column with "ESIEnvironment_s" instead of ESIEnvironment_g.
2. Please check for any data in ESIExchangeOnlineConfig_CL. I am assuming it is on first run; if no data exists, then delete this table and update the variables of Tenant with the Tenant name from Microsoft Entra ID. Please refer to the screenshots below for reference.
Then go to the Automation account -> open the runbook -> start the job. Please refer to the screenshots below for reference.
After the job is successful, the table will be created in the respective Log Analytics workspace with the correct column, "ESIEnvironment_s".
Please let me know if you have any issues.
We have created a bug for this issue and will be working on it https://github.com/nlepagnez/ESI-PublicContent/issues/8
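A query for the schema check described in the steps above, as an added example that is not part of any comment in this thread. It is run in the Log Analytics workspace the automation account writes to; the table and column names are the ones quoted in the issue, and the output column names (EnvString, EnvGuid, Rows, LastIngested) are illustrative.

```kql
// Added example: show which ESIEnvironment* column variants exist on the
// custom table and what type each one has (_s = string, _g = GUID).
ESIExchangeOnlineConfig_CL
| getschema
| where ColumnName startswith "ESIEnvironment"
| project ColumnName, ColumnType

// Added example: count rows per variant without failing when one of the
// two columns is missing. column_ifexists() falls back to the default
// value instead of raising "does not refer to any known column".
ESIExchangeOnlineConfig_CL
| extend EnvString = tostring(column_ifexists("ESIEnvironment_s", "")),
         EnvGuid   = tostring(column_ifexists("ESIEnvironment_g", ""))
| summarize Rows = count(), LastIngested = max(TimeGenerated)
    by EnvString, EnvGuid
```

Run the two statements separately. Rows that carry a value only in EnvGuid indicate the table was created with the ESIEnvironment_g column that the workbooks do not query.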
Hi @MatthiasScharl, gentle reminder: could you please check the above steps and let us know if there are any issues?
Hello @v-muuppugund. The table ESIExchangeOnlineConfig_CL in my workspace is a Custom table (classic). I have deleted it and ran the collector again. The job completes with
but shows the following error
The table ESIExchangeOnlineConfig_CL was not re-created.
Hi @MatthiasScharl, the maximum job stream limit is 1MB, i.e. a single stream job cannot be more than 1MB. Please find the link below for reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#automation-limits
Will investigate with detailed analysis and get back to you with an update. We need to check which command is causing more size; if needed, we can have a Teams meeting for the same.
Hi @MatthiasScharl, I have verified the code, but am unable to replicate the issue as I don't have sufficient permissions at tenant level. Could you please share a couple of time slots for a Teams meeting to ([email protected])
Hi @MatthiasScharl, as discussed over call, scheduled a Teams meeting on Monday for further troubleshooting. Please join the meeting.
Hi @MatthiasScharl, as discussed yesterday over the Teams meeting, I was able to set up a local environment for debugging the runbook. Today we will have one more session for troubleshooting the issue.
Hi @MatthiasScharl, as discussed last Wednesday, the issue has been fixed after local debugging from VS Code, and I was unable to connect with you afterwards. Please let me know when we can connect on next steps on this issue to check the deployed one.
Hi @MatthiasScharl, hope you are doing well. Our team is waiting for your response on the above comment. Thanks!
Hi @MatthiasScharl, as discussed over Teams today, will be blocking your calendar on 26/2 or 27/2 at 9:30pm IST.
Hi @MatthiasScharl, as discussed over the Teams call, the issue has been fixed, we are closing your issue (https://github.com/Azure/Azure-Sentinel/issues/9757). If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!