[BUG] FreshService Connector Not Adhering to Severity Levels
Type of Connector
Certified Connector
Name of Connector
FreshService
Describe the bug
https://learn.microsoft.com/en-us/connectors/freshservice/
When an incident is triggered for this Logic App through Sentinel, it is not parsing the correct fields for Source and Severity.
Input of the API Job Run (not the entire body pasted)
{
"requester_id": xxxxxxx,
"subject": "xxxxx",
"status": "Open",
"priority": "High",
"description": "Severity: High\xxxx
For instance, this was the request body on a "High" Sentinel Alert (not the entire body pasted below)
"fr_due_by": "2024-04-25T22:46:05Z",
"id": 8,
"priority": 1,
"status": 2,
"source": 3,
"created_at": "2024-04-22T03:16:05Z",
The same issue is occurring for every severity type where the API Request is marking the priority as 1 regardless of severity level in Sentinel.
As per https://api.freshservice.com/#create_ticket, High should be priority 3.
Is this a security bug?
No, this is not a security bug
What is the severity of this bug?
Severity 1 - Connector is broken or there's a very serious issue
To Reproduce
Create Logic App as outlined here - https://thisismydemo.cloud/post/integrate-microsoft-sentinel-freshservice/
Run Playbook on any severity ticket within Sentinel
Expected behavior
The POST request should have the correct severity level as per Sentinel and the FreshService API
Environment summary
Azure Logic Apps/Sentinel
Additional context
N/A
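
Added example, not part of the original report and not the connector's own code: a Python check that compares a Sentinel severity with the priority in the connector input and in the created ticket, so a high-severity incident filed as a low-priority ticket is flagged. The sample data is constructed from the fragments quoted in the report; the codes for Low, Medium and Urgent (1, 2, 4) follow the Freshservice ticket API, the folding of Sentinel's Informational into Low is an assumption, and all function names are hypothetical.

```python
# Added example: flag Freshservice tickets whose priority does not match
# the Sentinel severity that produced them.

# Freshservice ticket priority codes (the report confirms High = 3).
FRESHSERVICE_PRIORITY = {"low": 1, "medium": 2, "high": 3, "urgent": 4}

# Assumed policy: Sentinel severity -> Freshservice priority label.
# Sentinel has no "Urgent"; "Informational" is folded into Low here.
SENTINEL_TO_PRIORITY = {"informational": "low", "low": "low",
                        "medium": "medium", "high": "high"}


def to_priority_code(value):
    """Normalize a label ("High") or a code (3 or "3") to an integer code."""
    if isinstance(value, int):
        code = value
    else:
        text = str(value).strip().lower()
        code = int(text) if text.isdigit() else FRESHSERVICE_PRIORITY.get(text)
    if code not in FRESHSERVICE_PRIORITY.values():
        raise ValueError(f"unknown Freshservice priority: {value!r}")
    return code


def expected_priority(sentinel_severity):
    """Priority code a ticket should carry for the given Sentinel severity."""
    label = SENTINEL_TO_PRIORITY.get(str(sentinel_severity).strip().lower())
    if label is None:
        raise ValueError(f"unknown Sentinel severity: {sentinel_severity!r}")
    return FRESHSERVICE_PRIORITY[label]


def check_ticket(sentinel_severity, connector_input, created_ticket):
    """Return a list of mismatch findings; an empty list means consistent."""
    want = expected_priority(sentinel_severity)
    sent = to_priority_code(connector_input["priority"])
    got = to_priority_code(created_ticket["priority"])
    findings = []
    if sent != want:
        findings.append(f"connector input priority {sent}, expected {want}")
    if got != want:
        findings.append(f"ticket {created_ticket.get('id')} created with "
                        f"priority {got}, expected {want}")
    return findings


# Constructed sample, using the values visible in the report's fragments.
SAMPLE_INPUT = {"subject": "xxxxx", "status": "Open", "priority": "High"}
SAMPLE_TICKET = {"id": 8, "priority": 1, "status": 2, "source": 3}

if __name__ == "__main__":
    for finding in check_ticket("High", SAMPLE_INPUT, SAMPLE_TICKET):
        print("MISMATCH:", finding)
```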