
`Get-AzSecurityAlert` fails with `Object reference not set to an instance of an object.`

Open o-l-a-v opened this issue 1 year ago • 3 comments

Description

Az.Security v1.6.0, `Get-AzSecurityDetails` errors with `Object reference not set to an instance of an object.`, even though it successfully gets objects from Azure RM. This happens for one specific subscription, so it doesn't always fail.

Calling the API directly and converting it from JSON works fine. Example:

```powershell
Invoke-AzRestMethod -Method 'Get' -Path ('/subscriptions/{0}/providers/Microsoft.Security/alerts?api-version=2022-01-01' -f (Get-AzContext).'Subscription'.'Id')
```

Maybe related to #23499?

Issue script & Debug output

Too much sensitive info, don't want to include that here.

After debug shows the raw JSON reply from Azure RM, this is outputted:

```
DEBUG: 10:45:56 - [ConfigManager] Got nothing from [DisableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 10:45:56 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
Get-AzSecurityAlert: Object reference not set to an instance of an object.
```

Environment data

```
Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```

Module versions

```
ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.16.0                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     5.2.1                 Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateContact, Add-AzKeyVaultKey, Add-AzKeyVaultManagedStorageAccount…}
Script     6.16.0                Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script     1.6.0                 Az.Security                         {Add-AzSecurityAdaptiveNetworkHardening, Add-AzSecuritySqlVulnerabilityAssessmentBaseline, Confirm-AzSecurityAutomation, Disable-AzIotS…
Script     1.1.3                 Az.Tools.Predictor                  {Disable-AzPredictor, Enable-AzPredictor, Open-AzPredictorSurvey, Send-AzPredictorRating}
```

Error output

```
PS > Resolve-AzError -Last

   HistoryId: 84

Message        : Object reference not set to an instance of an object.
StackTrace     :    at System.Linq.Enumerable.SelectListIterator`2.Fill(ReadOnlySpan`1 source, Span`1 destination, Func`2 func)
                    at System.Linq.Enumerable.SelectListIterator`2.ToList()
                    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.ConvertToPSType(Alert value)
                    at System.Linq.Enumerable.SelectEnumerableIterator`2.ToList()
                    at Microsoft.Azure.Commands.Security.Cmdlets.Alerts.GetAlerts.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.NullReferenceException
InvocationInfo : {Get-AzSecurityAlert}
Line           : Get-AzSecurityAlert -Debug
Position       : At line:1 char:1
                 + Get-AzSecurityAlert -Debug
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 84

PS >
```

o-l-a-v avatar Mar 11 '24 10:03 o-l-a-v

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @zivraf.

I'm encountering a similar issue with Az.Security version 1.5.1. This problem only impacts certain subscriptions. However, it functions correctly with the API:

```powershell
Invoke-AzRestMethod -Method 'Get' -Path ('/subscriptions/{0}/providers/Microsoft.Security/alerts?api-version=2022-01-01' -f (Get-AzContext).'Subscription'.'Id')
```

(Subscription A contains no alerts; Subscription B does.)

Subscription A (No Issue)

```
DEBUG: 12:01:09 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 12:01:09 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:01:09 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Security:1.5.1; CommandName: Get-AzSecurityAlert; PSVersion: 7.4.1; IsSuccess: True; Duration: 00:00:01.1092957
DEBUG: 12:01:09 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:01:09 - GetAlerts end processing.
```

Subscription B (Issue)

```
DEBUG: 12:02:42 - [ConfigManager] Got nothing from [DisableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 12:02:42 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
Get-AzSecurityAlert: Object reference not set to an instance of an object.
DEBUG: 12:02:42 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:02:42 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:02:42 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Security:1.5.1; CommandName: Get-AzSecurityAlert; PSVersion: 7.4.1; IsSuccess: False; Duration: 00:00:01.6111966; Exception: Object reference not set to an instance of an object.;
DEBUG: 12:02:42 - GetAlerts end processing.
```

Module versions

```
ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.17.0                Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     1.5.1                 Az.Security                         {Add-AzSecurityAdaptiveNetworkHardening, Add-AzSecuritySqlVulnerabilityAssessmentBaseline, Confirm-AzSecurityAutomation, Disable-AzIotSecurityAnalyticsAggregatedAlert…}
Script     0.0                   chocolateyProfile                   {TabExpansion, Update-SessionEnvironment, refreshenv}
Manifest   7.0.0.0               Microsoft.PowerShell.Management     {Add-Content, Clear-Content, Clear-Item, Clear-ItemProperty…}
Manifest   7.0.0.0               Microsoft.PowerShell.Utility        {Add-Member, Add-Type, Clear-Variable, Compare-Object…}
Script     2.3.4                 PSReadLine                          {Get-PSReadLineKeyHandler, Get-PSReadLineOption, Remove-PSReadLineKeyHandler, Set-PSReadLineKeyHandler…}
```

Environment data

```
Name                           Value
----                           -----
PSVersion                      7.4.1
PSEdition                      Core
GitCommitId                    7.4.1
OS                             Microsoft Windows 10.0.22621
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
```

Error output

```
Resolve-AzError -Last

   HistoryId: 3

Message        : Object reference not set to an instance of an object.
StackTrace     :    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.ConvertToPSType(AlertEntity value)
                    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.<>c.<ConvertToPSType>b__3_0(AlertEntity aps)
                    at System.Linq.Enumerable.SelectListIterator`2.Fill(ReadOnlySpan`1 source, Span`1 destination, Func`2 func)
                    at System.Linq.Enumerable.SelectListIterator`2.ToList()
                    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.ConvertToPSType(IEnumerable`1 value)
                    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.ConvertToPSType(Alert value)
                    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.<>c.<ConvertToPSType>b__1_0(Alert aps)
                    at System.Linq.Enumerable.SelectEnumerableIterator`2.ToList()
                    at Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertConverters.ConvertToPSType(IEnumerable`1 value)
                    at Microsoft.Azure.Commands.Security.Cmdlets.Alerts.GetAlerts.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.NullReferenceException
InvocationInfo : {Get-AzSecurityAlert}
Line           : Get-AzSecurityAlert
Position       : At line:1 char:1
                 + Get-AzSecurityAlert
                 + ~~~~~~~~~~~~~~~~~~~
HistoryId      : 3
```

ScratchIV avatar Apr 02 '24 12:04 ScratchIV

I happened to raise a support ticket with MS, and they mentioned resolving this error before Dec 30, 2024.

@ScratchIV Meanwhile, I am trying to use the following, which works fine if I am already authenticated:

```powershell
Invoke-AzRestMethod -Method 'Get' -Path ('/subscriptions/{0}/providers/Microsoft.Security/alerts?api-version=2022-01-01' -f (Get-AzContext).'Subscription'.'Id')
```

Would you know how to make it work in an Automation Account runbook?

Akshat59 avatar Oct 10 '24 14:10 Akshat59
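
The REST workaround used in this thread, written out as an added example (not code from any commenter or from the Az.Security module): it follows `nextLink` paging, converts the JSON itself, and signs in non-interactively for an Automation runbook. The function name `Get-SecurityAlertViaRest` and the selected output columns are hypothetical, and the runbook part assumes the Automation account has a system-assigned managed identity with read access to security alerts on the subscription (for example the Security Reader role).

```powershell
# Added example: hypothetical helper, not part of Az.Security.
function Get-SecurityAlertViaRest {
    [CmdletBinding()]
    param(
        # Defaults to the subscription of the current Az context.
        [string] $SubscriptionId = (Get-AzContext).Subscription.Id,
        [string] $ApiVersion = '2022-01-01'
    )

    $path = '/subscriptions/{0}/providers/Microsoft.Security/alerts?api-version={1}' -f $SubscriptionId, $ApiVersion

    while ($path) {
        $response = Invoke-AzRestMethod -Method 'Get' -Path $path
        if ($response.StatusCode -ne 200) {
            throw ('Alerts request failed with HTTP {0}: {1}' -f $response.StatusCode, $response.Content)
        }

        $page = $response.Content | ConvertFrom-Json

        # foreach over $null does not iterate, so an empty subscription yields no output.
        foreach ($alert in $page.value) {
            $p = $alert.properties
            # Properties absent from an alert come back as $null here instead of throwing.
            [pscustomobject]@{
                Name        = $alert.name
                DisplayName = $p.alertDisplayName
                Severity    = $p.severity
                Status      = $p.status
                TimeUtc     = $p.timeGeneratedUtc
                EntityCount = if ($p.entities) { @($p.entities).Count } else { 0 }
            }
        }

        # nextLink is an absolute URL; keep only path and query for -Path.
        $path = if ($page.nextLink) { ([uri] $page.nextLink).PathAndQuery } else { $null }
    }
}

# Runbook entry point. Assumption: managed identity is enabled on the Automation account.
Disable-AzContextAutosave -Scope Process | Out-Null   # do not persist the context between jobs
Connect-AzAccount -Identity | Out-Null                # sign in as the managed identity

Get-SecurityAlertViaRest | Sort-Object -Property TimeUtc -Descending
```

Pass `-SubscriptionId` explicitly when the managed identity can see more than one subscription, since the default context after `Connect-AzAccount -Identity` may not be the one holding the alerts.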