Azure-Sentinel icon indicating copy to clipboard operation
Azure-Sentinel copied to clipboard

Published 20 hours ago verified publisher icon Azure

Query: Entra ID Local Device Join Information and Transport Key Registry Keys Access

Open rogfleming opened this issue 1 year ago • 3 comments

Describe the bug Query fails to run as a Sentinel Hunting Query or a Sentinel Analytics. The query does work in Log Analytics Workspace

To Reproduce Steps to reproduce the behavior:

  1. Go to 'Sentinel click on Analytics
  2. Click on 'create schedle alert'
  3. Scroll down to 'add query to query section
  4. Server Error, view query results works fine, but cannot save alert rule

Expected behavior Rule should save, query should function

Screenshots If applicable, add screenshots to help explain your problem.

The server encountered a temporary error and could not complete your request.

Desktop (please complete the following information):

  • OS: [e.g. iOS] Windows 10
  • Browser [e.g. chrome, safari] Edge
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context Azure Gov Environment

rogfleming avatar Jan 31 '24 12:01 rogfleming

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Jan 31 '24 12:01 github-actions[bot]

Hi @rogfleming ,Could you please share more details with screen shot,Which solution,Which query you are facing the issue?

v-muuppugund avatar Feb 01 '24 06:02 v-muuppugund

Hi @rogfleming, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 13-02-2023 date, we will be closing this issue. Thanks!

v-sudkharat avatar Feb 09 '24 11:02 v-sudkharat

ince we have not received a response in the last 5 days, we are closing your issue (https://github.com/Azure/Azure-Sentinel/issues/9874) as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!

v-muuppugund avatar Feb 14 '24 02:02 v-muuppugund