AZSentinel
Set-Sentinel returns with status code 400
Hi there,
I have used this module before and I didn't encounter any issue in setting a log analytic workspace to Sentinel until recently.
Getting an error message with status code 400 when the command Set-Sentinel is used.
Your feedback in this matter is much appreciated.
Environment
Windows build number: Version 10.0.18363.1854
PowerShell version (if applicable): 7.2.0
Any other software?
Steps to reproduce
Set-AzContext -subscription <subscriptionId>
Set-AzSentinel -WorkspaceName log-aue-shared-sentinel-005
Expected behavior
Prompted with a message to confirm to proceed, as below:
Confirm
Are you sure you want to perform this action?
Performing the operation "Set-AzSentinel" on target "Do you want to enable Sentinel for Workspace: /subscriptions/<subscriptionId>/resourcegroups/rg-aue-shared-sentinel-005/providers/microsoft.operationalinsights/workspaces/log-aue-shared-sentinel-005".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Should be able to set the workspace to Sentinel without issue.
Actual behavior
Error returned with
Set-AzSentinel: Unable to enable Sentinel on log-aue-shared-sentinel-005 with error message: Response status code does not indicate success: 400 (Bad Request).
The error 400 happens when invoking the request below inside the function Set-AzSentinel.
$result = Invoke-webrequest -Uri $uri -Method Put -Headers $script:authHeader -Body ($body | ConvertTo-Json)
and I suspect it might be caused by 'SecurityInsights($workspace)' where the $body hashtable below is constructed.
So I did a debug in a PowerShell window and noticed that the name still contains $workspace
Replaced with the following
'SecurityInsights({0})' -f $workspaceName
and the workspace is set to Sentinel without issue.
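
The quoting behaviour behind the diagnosis above, as an added example that is not part of the original report or of the AzSentinel module: a single-quoted PowerShell string is never expanded, while a double-quoted string or the -f operator is, and a small pre-flight check can catch a leftover variable token before the PUT is sent. The helper Find-UnexpandedVariable and the body layout are hypothetical and exist only for this illustration.

```powershell
# Workspace name taken from the report; everything else is constructed.
$workspaceName = 'log-aue-shared-sentinel-005'

# Three ways to build the solution name.
$candidates = [ordered]@{
    SingleQuoted = 'SecurityInsights($workspace)'            # literal text, never expanded
    DoubleQuoted = "SecurityInsights($workspaceName)"        # variable is expanded
    FormatOp     = 'SecurityInsights({0})' -f $workspaceName # the replacement used in the report
}

# Hypothetical helper: walk a hashtable and return every string value that still
# contains a literal '$name' token, i.e. a variable that was never expanded.
function Find-UnexpandedVariable {
    param(
        [System.Collections.IDictionary] $Body,
        [string] $Path = ''
    )
    foreach ($key in $Body.Keys) {
        $value = $Body[$key]
        $here  = if ($Path) { "$Path.$key" } else { "$key" }
        if ($value -is [System.Collections.IDictionary]) {
            Find-UnexpandedVariable -Body $value -Path $here
        }
        elseif ($value -is [string] -and $value -match '\$\{?[A-Za-z_][\w:]*') {
            [pscustomobject]@{ Path = $here; Value = $value }
        }
    }
}

foreach ($kind in $candidates.Keys) {
    # Assumed body layout, for illustration only (not the module's actual hashtable).
    $body = @{
        location   = 'constructed-location'
        properties = @{ workspaceName = $workspaceName }
        plan       = @{ name = $candidates[$kind] }
    }
    $bad = @(Find-UnexpandedVariable -Body $body)
    if ($bad.Count -gt 0) {
        Write-Warning ('{0}: not sending, unexpanded variable at {1} = {2}' -f $kind, $bad[0].Path, $bad[0].Value)
    }
    else {
        '{0}: ok -> {1}' -f $kind, ($body | ConvertTo-Json -Compress)
    }
}
```

Only the SingleQuoted case triggers the warning; the other two produce a body whose plan name contains the real workspace name.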