Enrich-SentinelIncident-MDATPTVM #7887
Comments
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Looking through the playbook in more detail, it's doing a number of things that have been replaced with easier methods, such as calling the old V2 Sentinel Incident Comment tasks, referring to non-existent variables and using an old schema. I'd recommend the whole playbook needs a rebuild. #7906 I've created a pull request with a version I believe resolves the issues. @v-vdixit @v-rbajaj Feel free to check it out and see if it helps.
Hi @noapocalypse, Thanks for flagging this. Will take a look at the PR and let you know!
Hi @noapocalypse we are reviewing the PR, thanks!
Hi @noapocalypse the PR is under review by the team, will update changes in PR, thanks!
Hi @noapocalypse we are checking with the concerned team, will update you shortly, thanks!
Internal team is working on this and checking further.
We are waiting to hear back from the concerned team, thanks!
We are still waiting to hear back from the concerned team, thanks!
Hi @noapocalypse, you will receive a final update on this issue by 25th July, 2023.
Since the closed PR has many bugs and can't be pushed, a new PR for this playbook will be raised soon.
We are working on this and having a discussion internally.
We are working on this and having a discussion internally on this.
@manishkumar1991 @v-rbajaj the playbook can be released, since it is being published as an individual Sentinel Playbook and not being included as part of the MDTI-Sentinel Content hub Solution.
We are having an internal discussion on this issue.
Waiting for update from the respective team. |
Hi all, we have raised a backlog item for this playbook and will discuss and update according to the discussions there. |
Enrich-SentinelIncident-MDATPTVM
I believe the field names have changed for the Alert - Get Incident task.
This means that on running the playbook it attempts to query a path that looks something like the one below:
"/Cases///7a441234-b23c-4d88-e123-f123g123hi2j/"
and subsequently errors out with a 404.
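The failure reported above is a path whose dynamic fields resolved to nothing, leaving blank segments that the API answers with a 404. The following is an added example, not code from the playbook or the repository, of a pre-flight check that catches such a path before the HTTP action is sent; the path template and the field names `workspaceId`, `alertId` and `incidentId` are placeholders, not the playbook's own.

```python
import re

# Hypothetical pre-flight check for a Logic Apps playbook that composes an
# incident path from dynamic content. Not part of the playbook or the repo.
# The template and field names below are placeholders, not the playbook's own.


def find_empty_segments(path: str) -> list:
    """Return 1-based positions of empty segments, i.e. the '//' left behind
    when a renamed dynamic field resolves to nothing."""
    segments = path.strip("/").split("/")
    return [i + 1 for i, seg in enumerate(segments) if seg == ""]


def check_incident_path(path: str) -> dict:
    """Explain why a composed path would 404 instead of just sending it."""
    problems = []
    empty = find_empty_segments(path)
    if empty:
        problems.append(
            f"empty segment(s) at position(s) {empty}: a dynamic field "
            "probably no longer exists in the upstream action's schema"
        )
    return {"ok": not problems, "problems": problems}


def build_incident_path(template: str, fields: dict) -> str:
    """Fill a path template, failing fast if any placeholder is missing or
    empty, rather than emitting a path with blank segments."""
    names = re.findall(r"\{(\w+)\}", template)
    missing = [n for n in names if not fields.get(n)]
    if missing:
        raise ValueError(f"cannot build incident path, missing field(s): {missing}")
    return template.format(**fields)


if __name__ == "__main__":
    # Path quoted in the bug report: two blank segments before the incident id.
    reported = "/Cases///7a441234-b23c-4d88-e123-f123g123hi2j/"
    print(check_incident_path(reported))
    # Constructed fields; the incident id is a placeholder, not a real incident.
    template = "/Cases/{workspaceId}/{alertId}/{incidentId}/"
    fields = {"workspaceId": "ws-01", "alertId": "alert-01",
              "incidentId": "00000000-0000-0000-0000-000000000001"}
    print(check_incident_path(build_incident_path(template, fields)))
```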