-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change API version for Az.SecurityInsights #26146
Labels
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
customer-reported
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
Comments
AndreasRogge
added
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
labels
Sep 20, 2024
microsoft-github-policy-service
bot
added
customer-reported
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
and removed
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
labels
Sep 20, 2024
I have a similar problem with CloudShell & EastUs2: Issue script & Debug outputPS /home/admin> $incident | %{Update-AzSentinelIncident -ResourceGroupName "security-operations-center-msn1" -WorkspaceName "XdrWorkspace-msn1" -Id $_.id -Classification 'Undetermined' -ClassificationReason 'InaccurateData' -Status 'Closed' -debug}
DEBUG: 3:47:01 PM - [ConfigManager] Got [True] from [DisplaySecretsWarning], Module = [], Cmdlet = [].
DEBUG: 3:47:01 PM - GetAzureRMContextCommand begin processing with ParameterSet 'GetSingleContext'.
DEBUG: 3:47:01 PM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:01 PM - [ConfigManager] Got [True] from [DisplaySecretsWarning], Module = [], Cmdlet = [].
DEBUG: 3:47:01 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:01 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:01 PM - GetAzureRMContextCommand end processing.
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing:
DEBUG: CmdletProcessRecordStart:
Confirm
Are you sure you want to perform this action?
Performing the operation "Update-AzSentinelIncident_UpdateExpanded" on target "Call remote 'IncidentsCreateOrUpdate' operation".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
DEBUG: CmdletGetPipeline:
DEBUG: CmdletBeforeAPICall:
DEBUG: URLCreated: /subscriptions/506a413b-e256-42c8-b98c-adc54ee35c28/resourceGroups/security-operations-center-msn1/providers/Microsoft.OperationalInsights/workspaces/XdrWorkspace-msn1/providers/Microsoft.SecurityInsights/incidents/%2Fsubscriptions%2F506a413b-e256-42c8-b98c-adc54ee35c28%2FresourceGroups%2Fsecurity-operations-center-msn1%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FXdrWorkspace-msn1%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F542a47a8-80b1-4f2f-913b-4297518cd3bf?api-version=2021-09-01-preview
DEBUG: RequestCreated: /subscriptions/506a413b-e256-42c8-b98c-adc54ee35c28/resourceGroups/security-operations-center-msn1/providers/Microsoft.OperationalInsights/workspaces/XdrWorkspace-msn1/providers/Microsoft.SecurityInsights/incidents/%2Fsubscriptions%2F506a413b-e256-42c8-b98c-adc54ee35c28%2FresourceGroups%2Fsecurity-operations-center-msn1%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FXdrWorkspace-msn1%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F542a47a8-80b1-4f2f-913b-4297518cd3bf?api-version=2021-09-01-preview
DEBUG: HeaderParametersAdded:
DEBUG: BodyContentSet:
DEBUG: 3:47:18 PM - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 3:47:18 PM - [ConfigManager] Got [False] from [EnableLoginByWam], Module = [], Cmdlet = [].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PUT
Absolute Uri:
https://management.azure.com/subscriptions/506a413b-e256-42c8-b98c-adc54ee35c28/resourceGroups/security-operations-center-msn1/providers/Microsoft.OperationalInsights/workspaces/XdrWorkspace-msn1/providers/Microsoft.SecurityInsights/incidents/%2Fsubscriptions%2F506a413b-e256-42c8-b98c-adc54ee35c28%2FresourceGroups%2Fsecurity-operations-center-msn1%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FXdrWorkspace-msn1%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F542a47a8-80b1-4f2f-913b-4297518cd3bf?api-version=2021-09-01-preview
Headers:
x-ms-unique-id : 603
x-ms-client-request-id : ac42a068-4e94-4e28-b85d-cb5f74b49225
CommandName : Update-AzSentinelIncident
FullCommandName : Update-AzSentinelIncident_UpdateExpanded
ParameterSetName : __AllParameterSets
User-Agent : AzurePowershell/v12.3.0,PSVersion/v7.4.5,Az.SecurityInsights/0.0.0,cloud-shell_1.0
Body:
{
"properties": {
"classification": "Undetermined",
"classificationReason": "InaccurateData",
"status": "Closed"
}
}
DEBUG: BeforeCall:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
BadRequest
Headers:
Cache-Control : no-cache
Pragma : no-cache
x-ms-failure-cause : gateway
x-ms-request-id : 349ed0c2-3691-4bf5-ab80-3d765e81b1d8
x-ms-correlation-request-id : 349ed0c2-3691-4bf5-ab80-3d765e81b1d8
x-ms-routing-request-id : WESTUS:20240924T154719Z:349ed0c2-3691-4bf5-ab80-3d765e81b1d8
Strict-Transport-Security : max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Cache : CONFIG_NOCACHE
X-MSEdge-Ref : Ref A: 5D60BAD9FA8F4714A7C609605F570526 Ref B: SJC211051204023 Ref C: 2024-09-24T15:47:18Z
Date : Tue, 24 Sep 2024 15:47:18 GMT
Body:
{
"error": {
"code": "NoRegisteredProviderFound",
"message": "No registered resource provider found for location 'eastus2' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'."
}
}
DEBUG: ResponseCreated:
DEBUG: BeforeResponseDispatch:
Update-AzSentinelIncident_UpdateExpanded: No registered resource provider found for location 'eastus2' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'.
DEBUG: [Finally]: Getting exception 'Microsoft.Azure.Commands.Common.Exceptions.AzPSCloudException: InternalException' from response
DEBUG: Finally:
DEBUG: CmdletAfterAPICall:
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd:
DEBUG: CmdletProcessRecordEnd:
DEBUG: AzureQoSEvent: Module: Az.SecurityInsights:3.1.2; CommandName: Update-AzSentinelIncident; PSVersion: 7.4.5; IsSuccess: False; Duration: 00:00:17.7950544; SanitizeDuration: 00:00:00; Exception: InternalException; Environment$PSVersionTable
Name Value
---- -----
PSVersion 7.4.5
PSEdition Core
GitCommitId 7.4.5
OS CBL-Mariner/Linux
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0 Module versionsGet-Module Az*
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 3.0.4 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script 8.3.0 Az.Compute {Add-AzImageDataDisk, Add-AzVhd, Add-AzVMAdditionalUnattendContent, Add-AzVMDataDisk…}
Script 7.8.1 Az.Network {Add-AzApplicationGatewayAuthenticationCertificate, Add-AzApplicationGatewayBackendAddressPool, Add-AzApplicationGatewayBackendHttpSetting, Add-AzApplicationGateway…
Script 7.4.0 Az.Resources {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script 3.1.2 Az.SecurityInsights {Get-AzSentinelAlertRule, Get-AzSentinelAlertRuleAction, Get-AzSentinelAlertRuleTemplate, Get-AzSentinelAutomationRule…}
Script 7.3.0 Az.Storage {Add-AzRmStorageContainerLegalHold, Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccountNetworkRule, Close-AzStorageFileHandle…}
Script 1.1.3 Az.Tools.Predictor {Disable-AzPredictor, Enable-AzPredictor, Open-AzPredictorSurvey, Send-AzPredictorRating}
Script 0.0.0.10 AzureAD.Standard.Preview {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, Add-AzureADDirectoryRoleMember…}
Script 0.9.3 AzurePSDrive Resource Providers |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
This issue requires a change to an existing behavior in the product in order to be resolved.
customer-reported
needs-triage
This is a new issue that needs to be triaged to the appropriate team.
Description
Hi,
I wanted to use the mentioned module to update my incidents automatically. Unfortunately I always get the following error:
Resource Provider Microsoft.SecurityInsights and Microsoft.OperationalInsights are registered.
When I check the API versions on SecurityInsights I can see that "2021-09-01-preview" is available but on OperationalInsights it is unavailable on resource type "workspaces" like mentioned in the picture.
If I look at the source: https://github.com/Azure/azure-powershell/blob/main/src/SecurityInsights/SecurityInsights.Autorest/UX/Microsoft.OperationalInsights/workspaces-incidents.json
I can see that API version "2021-09-01-preview" is used. But as I mentioned above this version is not avilable for "workspace" in OperationalInsights:
Issue script & Debug output
Environment data
Module versions
Error output
The text was updated successfully, but these errors were encountered: