New Mimecast (3.0.1) Function App based data connectors change Workspace default log retention to 30 days (typically 90 days) causing all tables retention to be changed/reduced #9780
Comments
|
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal. |
PCNZ
changed the title
PCNZ
changed the title
|
Hi @PCNZ , Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 23Jan2024. Thanks! |
|
Hi @PCNZ, thanks for reporting this bug with us. We have checked the solution, the Mimecast solution is partner supported with the Mimecast Team, and as of now we are not authorized to make those modification in function app. but i can see you have raised the PR-(#9781) with those changes, we really appreciate your contribution on this. We will check this issue with our team and get back to you by some updates. Thanks! |
Thanks, I have also emailed the Mimecast support email address listed in the solution (support@mimecast.com) but it responds saying that it is no longer used/monitored. |
|
Hi @PCNZ, thank you for response. Could you please check with below shared link and raise case with Mimecast. So Mimecast team will can check on this issue and made those modification's. |
Seems you need to be a customer and have a registered domain with Mimecast to be able to access that support, which I don't have. |
|
@v-sudkharat I don't seem to have access to re-open this, can you please leave it open until it is resolved. To let users know the bug still exists and give them the opportunity to work around it. |
|
Hi @PCNZ, Apologies for the delay in response. Unfortunately, we cannot keep this partner-supported solution open. As mentioned above, we are not authorized to do so. Therefore, we kindly request the customer to open a case with Mimecast so that they can make the required changes. Thanks! |
|
@nipun-crestdatasystem |
|
@PCNZ yes we are in discussion with Mimecast on this. |
|
This has been fixed now. |
Describe the bug
After deploying any of the new Mimecast data connectors (Mimecast Audit Logs, Mimecast Cloud Gateway MTA, Mimecast Cloud Gateway Targeted Threat Protection or Mimecast Cloud Gateway Threat Intel Regional Feed) the default log retention of the Workspace specified during deployment of the function app is set to 30 days. The deployment overwrites the existing retention setting of the workspace, which is typically 90 days.
It should not be changing the retention of the workspace at all.
The result is that all tables which are using the default retention period, have logs retention significantly reduced.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Sentinel Workspace Default Log Retentions are not changed when a data connector is deployed.
Screenshots
Function app deployment setting retention to 30 days.
Desktop (please complete the following information):
Additional context
Anyone who has deployed this data connector should check and reset their default log retentions to avoid unexpected data loss.
Please add code checks to all Sentinel pull requests, to prevent future data connectors being deployed which exhibit this behaviour.
The text was updated successfully, but these errors were encountered: