Unable to deploy UEBA/EntityAnalytics using Bicep - etag issue #10850

Closed
Kaloszer opened this issue May 30, 2023 · 2 comments


Kaloszer commented May 30, 2023

Bicep version
0.16.2

Describe the bug
Unable to deploy UEBA/EntityAnalytics; something is wrong with the etag reference.
Documentation is invalid.

To Reproduce
repro sample:

```bicep
param workspaceName string
param enableUeba bool = true
param enableAnomalies bool = true
param enableEntityAnalytics bool = true
param enableEyesOn bool = true
param uebaDataSources array = [
  'AuditLogs'
  'AzureActivity'
  'SecurityEvent'
  'SigninLogs'
]
param entityAnalyticsEntityProviders array = [
  'AzureActiveDirectory'
]

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Name has to be the same as the setting name
// Status Message: Setting name 'sentinel-anomalies-settings' should be identical to the setting kind 'Anomalies' (Code:BadRequest)

resource sentinelSettingsUeba 'Microsoft.SecurityInsights/settings@2023-04-01-preview' = if (enableUeba) {
  name: 'Ueba'
  scope: workspace
  kind: 'Ueba'
  etag: '*'
  properties: {
    dataSources: uebaDataSources
  }
} // broken eTag/etag/ETag does not work, also tried 2023-06-01-preview

resource sentinelSettingsEyesOn 'Microsoft.SecurityInsights/settings@2023-04-01-preview' = if (enableEyesOn) {
  name: 'EyesOn'
  scope: workspace
  kind: 'EyesOn'
  properties: {}
}

resource sentinelSettingsEntityAnalytics 'Microsoft.SecurityInsights/settings@2023-04-01-preview' = if (enableEntityAnalytics) {
  name: 'EntityAnalytics'
  etag: '*'
  scope: workspace
  kind: 'EntityAnalytics'
  properties: {
    entityProviders: entityAnalyticsEntityProviders
  }
} // broken eTag/etag/ETag does not work, also tried 2023-06-01-preview

resource sentinelSettingsAnomalies 'Microsoft.SecurityInsights/settings@2023-04-01-preview' = if (enableAnomalies) {
  name: 'Anomalies'
  scope: workspace
  kind: 'Anomalies'
  properties: {}
}
```

After replacing etag with eTag:

Update request should provide ETag (Code: BadRequest)

For EyesOn/Anomalies, deployment works without etag; however, for Ueba/EntityAnalytics, no dice.

Additional notes

Current documentation is invalid: it tells us to use etag, whereas it seems not to be mandatory for 2 of the settings, and for the 2 where it is required, it simply does not work.

MicrosoftDocs/azure-docs#110169 - docs issue

@Kaloszer
Author

Found a relevant bug

Azure/bicep-types-az#1557

@alex-frankel
Collaborator

Closing as dup of the issue you found.

@github-project-automation github-project-automation bot moved this from Todo to Done in Bicep Jun 6, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Jul 7, 2023