AWS Security Hub Connector invalid ELF header error #8527

Closed
Pathward-MikeM opened this issue Jul 13, 2023 · 66 comments

@Pathward-MikeM

Describe the bug
AWS Security Hub function app has an error "invalid ELF header". Copy of error here:

Result: Failure
Exception: ImportError: /home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: invalid ELF header. Troubleshooting Guide: https://aka.ms/functions-modulenotfound
Stack:
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 314, in _handle__function_load_request
    func = loader.load_function(
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 42, in call
    raise extend_exception_message(e, message)
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 40, in call
    return func(*args, **kwargs)
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/loader.py", line 85, in load_function
    mod = importlib.import_module(fullmodname)
  File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "<frozen (... etc etc)

To Reproduce
This is a read-only app that is run from a vendor-managed package. We have made no custom changes on our end. To replicate, simply deploy the function app and wait for the error to populate.

Expected behavior
No ELF header error, expected behavior is ingestion of AWS Security Hub findings into Sentinel.

Screenshots
image

Desktop (please complete the following information):

  • OS: Linux
  • Browser: N/A
  • Version: 3.20.0.0
@github-actions
Contributor

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

@v-amolpatil v-amolpatil added the Connector Connector specialty review needed label Jul 13, 2023

@v-rbajaj
Contributor

Hi @Pathward-MikeM, thanks for flagging this, we will look into this and provide an update soon.

@v-rbajaj
Contributor

Hi @Pathward-MikeM, can you please change the runtime version to 4 and restart the function app then check the invocation logs?
image

@Pathward-MikeM
Author

Hi @v-rbajaj, I updated the runtime version and am still receiving the same error. Please advise. Thanks!

image

@v-rbajaj
Contributor

v-rbajaj commented Jul 20, 2023

Hi @Pathward-MikeM, we are checking on this with the team internally and will let you know once we receive an update.

@v-rbajaj
Contributor

Hi @Pathward-MikeM, we are still checking on this with the team internally and will let you know once we receive an update.

@v-rbajaj
Contributor

Hi @Pathward-MikeM,
The error message "invalid ELF header" is related to a module import error in the Azure Function app. The error message indicates that the module "cryptography" is not loading properly. The error message suggests that the issue is with the "rust" module, which is a dependency of the "cryptography" module.

Please follow this document for help on troubleshooting.
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/azure-functions/recover-python-functions.md.
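
The traceback in this issue shows a LINUX/X64 Python worker rejecting a native extension inside the deployed package. As an added example (not code from the Azure Sentinel repository or from anyone in this thread), this Python sketch checks every .so member of a deployment zip for a 64-bit little-endian x86-64 ELF header before the package is published; the member names and file bytes in the sample are constructed.

```python
import io
import struct
import zipfile

ELF_MAGIC = b"\x7fELF"
EM_X86_64 = 62  # e_machine value for x86-64 in the ELF specification

def check_elf_header(head):
    """Return None if `head` begins a 64-bit little-endian x86-64 ELF file, else a reason."""
    if len(head) < 20:
        return "file too short to hold an ELF header"
    if head[:4] != ELF_MAGIC:
        return "bad magic %r, not an ELF file" % head[:4]
    if head[4] != 2:  # EI_CLASS: 2 = ELFCLASS64
        return "EI_CLASS=%d, expected 2 (64-bit)" % head[4]
    if head[5] != 1:  # EI_DATA: 1 = little-endian
        return "EI_DATA=%d, expected 1 (little-endian)" % head[5]
    (machine,) = struct.unpack_from("<H", head, 18)  # e_machine follows e_type
    if machine != EM_X86_64:
        return "e_machine=%d, expected %d (x86-64)" % (machine, EM_X86_64)
    return None

def scan_package(zip_bytes):
    """Map each failing .so member of a deployment zip to the reason it failed."""
    problems = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".so"):
                continue
            with zf.open(info) as member:
                reason = check_elf_header(member.read(20))
            if reason:
                problems[info.filename] = reason
    return problems

def build_sample_package():
    """Constructed sample zip: one valid header, one Windows PE file, one AArch64 ELF."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # 16-byte e_ident
    members = {
        "site-packages/pkg_ok/_native.abi3.so": ident + struct.pack("<HH", 3, EM_X86_64),
        "site-packages/pkg_pe/_native.abi3.so": b"MZ\x90\x00" + bytes(60),
        "site-packages/pkg_arm/_native.abi3.so": ident + struct.pack("<HH", 3, 183),
        "site-packages/pkg_ok/__init__.py": b"# not a shared object\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in sorted(scan_package(build_sample_package()).items()):
        print(name + ": " + reason)
```

Run against a real package by passing the bytes of the zip file to `scan_package`; an empty result means every shared object has the header a Linux x64 loader expects.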

@Pathward-MikeM
Author

Hi @v-rbajaj, this function app runs from a package file. We do not make changes to the package file as that would prevent future updates - this is Azure best practice. Your recommended path to remediation would involve disabling the run from package setting, thereby preventing future updates. Please correct me if I am wrong here? Thanks!

@v-rbajaj
Contributor

Hi @Pathward-MikeM, we will get back to you on this.

@v-rbajaj
Contributor

Hi @Pathward-MikeM, we are looking into the query asked here, we will get back to you once there is an update.

@v-rbajaj
Contributor

v-rbajaj commented Aug 3, 2023

Hi @Pathward-MikeM, we are looking into the query asked here, we will get back to you once there is an update.

@v-rbajaj
Contributor

v-rbajaj commented Aug 8, 2023

Hi @Pathward-MikeM, we are trying to reproduce this issue.

@v-rbajaj
Contributor

Thanks for your patience @Pathward-MikeM, we are able to reproduce the issue, we are figuring out the fix.

Just wanted to know, have you read the readme file and done the configuration as per the readme file?

@v-rbajaj
Contributor

Hi @Pathward-MikeM, can you please look into the above comment?

@Pathward-MikeM
Author

Hi, yes, I have done all the configuration steps as part of the readme and configuration. Thanks

@Pathward-MikeM
Author

Is there a way to revert to a previous stable version?

@v-rbajaj
Contributor

v-rbajaj commented Aug 28, 2023

Hi @Pathward-MikeM, I'll get back to you on this as we are reaching out to the concerned team. Apologies for the delay in response.

@v-rbajaj
Contributor

v-rbajaj commented Sep 18, 2023

Hi @Pathward-MikeM, sorry for the delay, we are reaching out to the concerned team and will get back to you with details by 21st Sept.

@v-rbajaj
Contributor

v-rbajaj commented Oct 5, 2023

Hi @Pathward-MikeM, sorry for the delay, we are reaching out to the concerned team for this issue.

@v-rbajaj
Contributor

Hi @Pathward-MikeM, sorry for the delay, we are reaching out to the concerned team for this issue, will update you by 17 Oct 2023.

@rcscoggin

Any updates on this issue? It is after 10/17.

@v-rbajaj
Contributor

Hi @rcscoggin, sorry for the delay, please give us more time to investigate till 31 Oct 2023.

@v-muuppugund
Contributor

Hi @Pathward-MikeM, apologies for the late response; as I was blocked with a high priority issue, I was unable to focus on this issue. Will get back to you with an update by 13 Dec 2023.
Hi @Pathward-MikeM, till yesterday I was working on the high priority issue; will focus on this ASAP and share updates.

@Pathward-MikeM
Author

Hi team, any update?

@v-muuppugund
Contributor

Hi @Pathward-MikeM, working on this one, will share updates by EOD.

@v-muuppugund
Contributor

Hi @Pathward-MikeM, please use the package URL, i.e. https://github.com/Azure/Azure-Sentinel/raw/users/v-muuppugund/AWSchanges/DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion.zip. Point this URL to WEBSITE_RUN_FROM_PACKAGE in the existing function app settings and restart the function app. Please let me know if you have any issues; will connect over a Teams meeting.

@Pathward-MikeM
Author

Hi @v-muuppugund, good morning! I unfortunately am still receiving an error. Screenshot is attached.
image

@v-muuppugund
Contributor

Hi @Pathward-MikeM, apologies for the delayed response. For me, I am not getting issues as I don't have valid account credentials to check this issue. Could you please share your email ID and convenient time slots for troubleshooting this issue via a Teams meeting?

@Pathward-MikeM
Author

Hi, can you drop your email and I will send you an email with availability? Thank you!

@v-muuppugund
Contributor

Hi @Pathward-MikeM, apologies for the delayed response. I don't see an email ID on your profile; could you please share a couple of time slots to (v-muuppugund@microsoft.com) for a Teams meeting? Thanks

@v-sudkharat
Contributor

Hi @Pathward-MikeM, could you please confirm whether you have sent your slot times to the above-mentioned mail ID? Thanks!

@Pathward-MikeM
Author

Hi all, yes I have sent an email to begin scheduling a call. Thanks!

@v-muuppugund
Contributor

Hi @Pathward-MikeM, blocked time for the issue troubleshooting, please let me know if this time isn't convenient.

@v-muuppugund
Contributor

v-muuppugund commented Dec 28, 2023

Hi @Pathward-MikeM, as discussed over the call today, I am trying the setup in our AWS environment and will update you.

@v-muuppugund
Contributor

v-muuppugund commented Jan 4, 2024

Hi @Pathward-MikeM, as discussed on last Thursday's call, i.e. 28 Dec 2023, the initial error is fixed with the package shared by me, and the error is now occurring during token generation. We have an environment and I am working on using it to replicate the same issue at my end; if required, I will let you know.

@v-muuppugund
Contributor

v-muuppugund commented Jan 12, 2024

Hi @Pathward-MikeM, I have created a Security Hub and role in our environment and am debugging it. Will update you; I am trying to replicate the second issue, after the first issue's fix, at my end.

image
image

@v-muuppugund
Contributor

Hi @Pathward-MikeM, still working on fixes in the environment created, will update you. Once the fix is completed, I will block your calendar.

@v-muuppugund
Contributor

v-muuppugund commented Jan 23, 2024

Hi @Pathward-MikeM, still need some time to complete debugging. Will share an update this week and will block your calendar for the same.

@v-muuppugund
Contributor

v-muuppugund commented Jan 27, 2024

Hi @Pathward-MikeM, fixed the issues while generating the token; please find the screenshot below for reference. Please share a convenient time slot for a Teams meeting.
image

image

@v-muuppugund
Contributor

Hi @Pathward-MikeM, tomorrow's call has been scheduled for redeploying the entire solution; the earlier call fixed AWS permissions and Azure function configuration issues.

@v-muuppugund
Contributor

Hi @Pathward-MikeM, as discussed over Teams, confirmed the issue has been resolved, so closing this issue (#8527), raising the PR and posting updates over chat. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!

@CyberHunter7

Hi @v-muuppugund, we have been waiting for a fix for this issue for a couple of months now. We see it's marked as resolved, we have deployed to Azure once again but the original error message is still there. Could you please confirm if the AzFunAWSSecurityHubIngestion.zip is now updated on (Azure-Sentinel/DataConnectors/AWS-SecurityHubFindings) to reflect the last updates? If yes, could we schedule a call in order to look into this matter? Thank you.

@v-muuppugund
Contributor

Will be raising PR, will update you.

@v-muuppugund
Contributor

v-muuppugund commented Feb 8, 2024

@CyberHunter7 raised PR for it #9910

@CyberHunter7

Hi @v-muuppugund, any news?

@v-muuppugund
Contributor

Hi @CyberHunter7, working on the PR push. As the team has asked me to check another issue, i.e. a dependency bot version compatibility issue for this connector, I am occupied with other items and didn't get a chance to check it; will be checking that also and pushing it.

@v-muuppugund
Contributor

v-muuppugund commented Feb 25, 2024

Hi @CyberHunter7, I have completed the package compatibility for the cryptography version upgrade by the dependency bot, and the PR is under review as the team asked me to check on another item for the same connector. Will update you once completed.

@CyberHunter7

Hi @v-muuppugund Thank you for your support. It's working now.

@CyberHunter7

Hi @Pathward-MikeM, since you opened this issue, just checking if you noticed that events related to Macie and GuardDuty, even if they are showing in Security Hub (in the AWS console or AWS CLI output), do not appear on the Azure Log Analytics side? What's visible on the Azure Log Analytics side are only events related to security standards.

@Pathward-MikeM
Author

Yes, I have experienced issues with the connector since update. @CyberHunter7 have you found any workarounds?

@CyberHunter7

@Pathward-MikeM I opened an issue about it here.

#10180 (comment)
