AZSentinel icon indicating copy to clipboard operation
AZSentinel copied to clipboard

Published 20 hours ago verified publisher icon wortell

Bug Report: Issue with Taxii Data Connectors

Open Jd0dd opened this issue 3 years ago • 1 comments

Environment

Windows build number: [run "ver" at a command prompt]
PowerShell version (if applicable):

Any other software?

Steps to reproduce

Import-AzSentinelDataConnector -verbose

Expected behavior

Using the Import-AzSentinelDataConnector, list all of our data connectors in our subscription.

Actual behavior

I ran the Import-AzSentinelDataConnector -verbose and noticed we were getting no data from any of our GET requests from the api. We tried this against the 2020-01-01 api separately and there doesn't appear to be any data coming back.

I then tried this against the 2021-03-01-preview and we were able to retrieve our data for the data connectors.

Looks like the 2020-01-01 api is no longer suitable and should be updated in your Import-AzSentinelDataConnector.ps1

Jd0dd avatar Jun 21 '21 11:06 Jd0dd

I can confirm that I have seen this too. Microsoft appear not to no longer support Threat Intelligence Taxii's (list, create, update) in the 2020-01-01 API since early June 2021. However, they still support taxii's in the 2021-03-01-preview API.

The hard coding of the API version on line 354 of https://github.com/wortell/AZSentinel/blob/master/AzSentinel/Public/Import-AzSentinelDataConnector.ps1 is therefore not working anymore.

callumCD avatar Jul 06 '21 17:07 callumCD