Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change API version for Az.SecurityInsights #26146

Open
AndreasRogge opened this issue Sep 20, 2024 · 1 comment
Open

Change API version for Az.SecurityInsights #26146

AndreasRogge opened this issue Sep 20, 2024 · 1 comment
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported needs-triage This is a new issue that needs to be triaged to the appropriate team.

Comments

@AndreasRogge
Copy link

AndreasRogge commented Sep 20, 2024
edited
Loading

Description

Hi,
I wanted to use the mentioned module to update my incidents automatically. Unfortunately I always get the following error:

Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName $rgName -WorkspaceName $workspaceName -Classification Undetermined
Update-AzSentinelIncident_UpdateExpanded: No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'.

Resource Provider Microsoft.SecurityInsights and Microsoft.OperationalInsights are registered.
When I check the API versions on SecurityInsights I can see that "2021-09-01-preview" is available but on OperationalInsights it is unavailable on resource type "workspaces" like mentioned in the picture.

If I look at the source: https://github.com/Azure/azure-powershell/blob/main/src/SecurityInsights/SecurityInsights.Autorest/UX/Microsoft.OperationalInsights/workspaces-incidents.json
I can see that API version "2021-09-01-preview" is used. But as I mentioned above this version is not avilable for "workspace" in OperationalInsights:
image

Issue script & Debug output

Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName $rgName -WorkspaceName $workspaceName -Classification Undetermined
DEBUG: 12:59:44 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:59:44 - GetAzureRMContextCommand begin processing with ParameterSet 'GetSingleContext'.
DEBUG: 12:59:44 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:59:44 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:59:44 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:59:44 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 12:59:44 - GetAzureRMContextCommand end processing.
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing:
DEBUG: CmdletProcessRecordStart:
DEBUG: CmdletGetPipeline:
DEBUG: CmdletBeforeAPICall:
DEBUG: URLCreated: /subscriptions/bd50c681-4857-495a-b225-526f2829ab59/resourceGroups/rg-hybrid-ressources/providers/Microsoft.OperationalInsights/workspaces/ak-hybridresources-la/providers/Microsoft.SecurityInsights/incidents/%40%7BId%3D%2Fsubscriptions%2Fbd50c681-4857-495a-b225-526f2829ab59%2FresourceGroups%2Frg-hybrid-ressources%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Fak-hybridresources-la%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2Fa1d77a3f-d396-493d-91b1-c38d8a12d68f%7D?api-version=2021-09-01-preview
DEBUG: RequestCreated: /subscriptions/bd50c681-4857-495a-b225-526f2829ab59/resourceGroups/rg-hybrid-ressources/providers/Microsoft.OperationalInsights/workspaces/ak-hybridresources-la/providers/Microsoft.SecurityInsights/incidents/%40%7BId%3D%2Fsubscriptions%2Fbd50c681-4857-495a-b225-526f2829ab59%2FresourceGroups%2Frg-hybrid-ressources%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Fak-hybridresources-la%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2Fa1d77a3f-d396-493d-91b1-c38d8a12d68f%7D?api-version=2021-09-01-preview
DEBUG: HeaderParametersAdded:
DEBUG: BodyContentSet:
DEBUG: 12:59:44 - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/bd50c681-4857-495a-b225-526f2829ab59/resourceGroups/rg-hybrid-ressources/providers/Microsoft.OperationalInsights/workspaces/ak-hybridresources-la/providers/Microsoft.SecurityInsights/incidents/%40{Id%3D%2Fsubscriptions%2Fbd50c681-4857-495a-b225-526f2829ab59%2FresourceGroups%2Frg-hybrid-ressources%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2Fak-hybridresources-la%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2Fa1d77a3f-d396-493d-91b1-c38d8a12d68f}?api-version=2021-09-01-preview

Headers:
x-ms-unique-id                : 16
x-ms-client-request-id        : 652c8792-4ef3-446e-b6fc-617e7c984aad
CommandName                   : Update-AzSentinelIncident
FullCommandName               : Update-AzSentinelIncident_UpdateExpanded
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v12.3.0,PSVersion/v7.4.5,Az.SecurityInsights/0.0.0

Body:
{
  "properties": {
    "classification": "Undetermined",
    "status": "Closed"
  }
}


DEBUG: 12:59:44 - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: BeforeCall:
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-failure-cause            : gateway
x-ms-request-id               : 3381be55-ddf5-4a5e-a4ef-b475fc112a5b
x-ms-correlation-request-id   : 3381be55-ddf5-4a5e-a4ef-b475fc112a5b
x-ms-routing-request-id       : GERMANYWESTCENTRAL:20240920T105945Z:3381be55-ddf5-4a5e-a4ef-b475fc112a5b
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
X-Cache                       : CONFIG_NOCACHE
X-MSEdge-Ref                  : Ref A: 5D758FE204674FD4837C5D4C2AEEC095 Ref B: FRA231050414029 Ref C: 2024-09-20T10:59:44Z
Date                          : Fri, 20 Sep 2024 10:59:45 GMT

Body:
{
  "error": {
    "code": "NoRegisteredProviderFound",
    "message": "No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'."
  }
}


DEBUG: ResponseCreated:
DEBUG: BeforeResponseDispatch:
Update-AzSentinelIncident_UpdateExpanded: No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'.
DEBUG: [Finally]: Getting exception 'Microsoft.Azure.Commands.Common.Exceptions.AzPSCloudException: InternalException' from response
DEBUG: Finally:
DEBUG: CmdletAfterAPICall:
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd:
DEBUG: CmdletProcessRecordEnd:
DEBUG: AzureQoSEvent:  Module: Az.SecurityInsights:3.1.2; CommandName: Update-AzSentinelIncident; PSVersion: 7.4.5; IsSuccess: False; Duration: 00:00:00.9845318; SanitizeDuration: 00:00:00; Exception: InternalException;

Environment data

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.5
PSEdition                      Core
GitCommitId                    7.4.5
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

Get-Module Az*

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     3.0.4                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     7.4.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script     3.1.2                 Az.SecurityInsights                 {Get-AzSentinelAlertRule, Get-AzSentinelAlertRuleAction, Get-AzSentinelAlertRuleTemplate, Get-AzSentinelAutomationRule…}

Error output

Resolve-AzError
DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 13:00:46 - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 13:00:46 - using account id '[username]@[mydomain.tld]'...
DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

   HistoryId: 18

Message        : [NoRegisteredProviderFound] : No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are
                 '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview,
                 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast,
                 uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus,
                 ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest,
                 francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth,
                 spaincentral'.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Update-AzSentinelIncident_UpdateExpanded}
Line           : Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName $rgName -WorkspaceName $workspaceName -Classification Undetermined
Position       : At line:1 char:1
                 + Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName …
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 18

DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

   HistoryId: 15

Message        : [NoRegisteredProviderFound] : No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are
                 '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview,
                 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast,
                 uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus,
                 ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest,
                 francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth,
                 spaincentral'.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Update-AzSentinelIncident_UpdateExpanded}
Line           : Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName $rgName -WorkspaceName $workspaceName -Classification Undetermined
Position       : At line:1 char:1
                 + Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName …
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 15

DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

   HistoryId: 11

Message        : [NoRegisteredProviderFound] : No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are
                 '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview,
                 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast,
                 uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus,
                 ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest,
                 francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth,
                 spaincentral'.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Update-AzSentinelIncident_UpdateExpanded}
Line           : Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName $rgName -WorkspaceName $workspaceName -Classification Undetermined
Position       : At line:1 char:1
                 + Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName …
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 11

DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

   HistoryId: 8

Message        : [NoRegisteredProviderFound] : No registered resource provider found for location 'westeurope' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are
                 '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview,
                 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast,
                 uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus,
                 ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest,
                 francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth,
                 spaincentral'.
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Update-AzSentinelIncident_UpdateExpanded}
Line           : Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName $rgName -WorkspaceName $workspaceName -Classification Undetermined
Position       : At line:1 char:1
                 + Update-AzSentinelIncident -Id $id -Status "Closed" -ResourceGroupName …
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 8



DEBUG: 13:00:46 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 13:00:46 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:3.0.4; CommandName: Resolve-AzError; PSVersion: 7.4.5; IsSuccess: True; Duration: 00:00:00.0952190; SanitizeDuration: 00:00:00.0019098
DEBUG: 13:00:46 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 13:00:47 - ResolveError end processing.
@AndreasRogge AndreasRogge added bug This issue requires a change to an existing behavior in the product in order to be resolved. needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Sep 20, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported needs-triage This is a new issue that needs to be triaged to the appropriate team. and removed needs-triage This is a new issue that needs to be triaged to the appropriate team. labels Sep 20, 2024
@Torch02
Copy link

Torch02 commented Sep 24, 2024

I have a similar problem with CloudShell & EastUs2:

Issue script & Debug output

PS /home/admin> $incident | %{Update-AzSentinelIncident -ResourceGroupName "security-operations-center-msn1" -WorkspaceName "XdrWorkspace-msn1" -Id $_.id -Classification 'Undetermined' -ClassificationReason 'InaccurateData' -Status 'Closed' -debug}    
DEBUG: 3:47:01 PM - [ConfigManager] Got [True] from [DisplaySecretsWarning], Module = [], Cmdlet = [].
DEBUG: 3:47:01 PM - GetAzureRMContextCommand begin processing with ParameterSet 'GetSingleContext'.
DEBUG: 3:47:01 PM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:01 PM - [ConfigManager] Got [True] from [DisplaySecretsWarning], Module = [], Cmdlet = [].
DEBUG: 3:47:01 PM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:01 PM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 3:47:01 PM - GetAzureRMContextCommand end processing.
DEBUG: [CmdletBeginProcessing]: Starting command
DEBUG: CmdletBeginProcessing: 
DEBUG: CmdletProcessRecordStart: 

Confirm
Are you sure you want to perform this action?
Performing the operation "Update-AzSentinelIncident_UpdateExpanded" on target "Call remote 'IncidentsCreateOrUpdate' operation".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A
DEBUG: CmdletGetPipeline: 
DEBUG: CmdletBeforeAPICall: 
DEBUG: URLCreated: /subscriptions/506a413b-e256-42c8-b98c-adc54ee35c28/resourceGroups/security-operations-center-msn1/providers/Microsoft.OperationalInsights/workspaces/XdrWorkspace-msn1/providers/Microsoft.SecurityInsights/incidents/%2Fsubscriptions%2F506a413b-e256-42c8-b98c-adc54ee35c28%2FresourceGroups%2Fsecurity-operations-center-msn1%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FXdrWorkspace-msn1%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F542a47a8-80b1-4f2f-913b-4297518cd3bf?api-version=2021-09-01-preview
DEBUG: RequestCreated: /subscriptions/506a413b-e256-42c8-b98c-adc54ee35c28/resourceGroups/security-operations-center-msn1/providers/Microsoft.OperationalInsights/workspaces/XdrWorkspace-msn1/providers/Microsoft.SecurityInsights/incidents/%2Fsubscriptions%2F506a413b-e256-42c8-b98c-adc54ee35c28%2FresourceGroups%2Fsecurity-operations-center-msn1%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FXdrWorkspace-msn1%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F542a47a8-80b1-4f2f-913b-4297518cd3bf?api-version=2021-09-01-preview
DEBUG: HeaderParametersAdded: 
DEBUG: BodyContentSet: 
DEBUG: 3:47:18 PM - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 3:47:18 PM - [ConfigManager] Got [False] from [EnableLoginByWam], Module = [], Cmdlet = [].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/506a413b-e256-42c8-b98c-adc54ee35c28/resourceGroups/security-operations-center-msn1/providers/Microsoft.OperationalInsights/workspaces/XdrWorkspace-msn1/providers/Microsoft.SecurityInsights/incidents/%2Fsubscriptions%2F506a413b-e256-42c8-b98c-adc54ee35c28%2FresourceGroups%2Fsecurity-operations-center-msn1%2Fproviders%2FMicrosoft.OperationalInsights%2Fworkspaces%2FXdrWorkspace-msn1%2Fproviders%2FMicrosoft.SecurityInsights%2FIncidents%2F542a47a8-80b1-4f2f-913b-4297518cd3bf?api-version=2021-09-01-preview

Headers:
x-ms-unique-id                : 603
x-ms-client-request-id        : ac42a068-4e94-4e28-b85d-cb5f74b49225
CommandName                   : Update-AzSentinelIncident
FullCommandName               : Update-AzSentinelIncident_UpdateExpanded
ParameterSetName              : __AllParameterSets
User-Agent                    : AzurePowershell/v12.3.0,PSVersion/v7.4.5,Az.SecurityInsights/0.0.0,cloud-shell_1.0

Body:
{
  "properties": {
    "classification": "Undetermined",
    "classificationReason": "InaccurateData",
    "status": "Closed"
  }
}


DEBUG: BeforeCall: 
DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-failure-cause            : gateway
x-ms-request-id               : 349ed0c2-3691-4bf5-ab80-3d765e81b1d8
x-ms-correlation-request-id   : 349ed0c2-3691-4bf5-ab80-3d765e81b1d8
x-ms-routing-request-id       : WESTUS:20240924T154719Z:349ed0c2-3691-4bf5-ab80-3d765e81b1d8
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
X-Cache                       : CONFIG_NOCACHE
X-MSEdge-Ref                  : Ref A: 5D60BAD9FA8F4714A7C609605F570526 Ref B: SJC211051204023 Ref C: 2024-09-24T15:47:18Z
Date                          : Tue, 24 Sep 2024 15:47:18 GMT

Body:
{
  "error": {
    "code": "NoRegisteredProviderFound",
    "message": "No registered resource provider found for location 'eastus2' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'."
  }
}


DEBUG: ResponseCreated: 
DEBUG: BeforeResponseDispatch: 
Update-AzSentinelIncident_UpdateExpanded: No registered resource provider found for location 'eastus2' and API version '2021-09-01-preview' for type 'workspaces'. The supported api-versions are '2015-03-20, 2015-11-01-preview, 2017-01-01-preview, 2017-03-03-preview, 2017-03-15-preview, 2017-04-26-preview, 2020-03-01-preview, 2020-08-01, 2020-10-01, 2021-03-01-privatepreview, 2021-06-01, 2021-12-01-preview, 2022-10-01, 2023-01-01-preview, 2023-09-01'. The supported locations are 'eastus, westeurope, southeastasia, australiasoutheast, westcentralus, japaneast, uksouth, centralindia, canadacentral, westus2, australiacentral, australiaeast, francecentral, koreacentral, northeurope, centralus, eastasia, eastus2, southcentralus, northcentralus, westus, ukwest, southafricanorth, brazilsouth, switzerlandnorth, switzerlandwest, germanywestcentral, australiacentral2, uaecentral, uaenorth, japanwest, brazilsoutheast, norwayeast, norwaywest, francesouth, southindia, koreasouth, jioindiacentral, jioindiawest, qatarcentral, canadaeast, westus3, swedencentral, southafricawest, germanynorth, polandcentral, israelcentral, italynorth, spaincentral'.
DEBUG: [Finally]: Getting exception 'Microsoft.Azure.Commands.Common.Exceptions.AzPSCloudException: InternalException' from response
DEBUG: Finally: 
DEBUG: CmdletAfterAPICall: 
DEBUG: [CmdletProcessRecordAsyncEnd]: Finish HTTP process
DEBUG: CmdletProcessRecordAsyncEnd: 
DEBUG: CmdletProcessRecordEnd: 
DEBUG: AzureQoSEvent:  Module: Az.SecurityInsights:3.1.2; CommandName: Update-AzSentinelIncident; PSVersion: 7.4.5; IsSuccess: False; Duration: 00:00:17.7950544; SanitizeDuration: 00:00:00; Exception: InternalException;

Environment

$PSVersionTable                                                                                                                                                                                                            
            
Name                           Value
----                           -----
PSVersion                      7.4.5
PSEdition                      Core
GitCommitId                    7.4.5
OS                             CBL-Mariner/Linux
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

Get-Module Az*

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     3.0.4                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     8.3.0                 Az.Compute                          {Add-AzImageDataDisk, Add-AzVhd, Add-AzVMAdditionalUnattendContent, Add-AzVMDataDisk…}
Script     7.8.1                 Az.Network                          {Add-AzApplicationGatewayAuthenticationCertificate, Add-AzApplicationGatewayBackendAddressPool, Add-AzApplicationGatewayBackendHttpSetting, Add-AzApplicationGateway…
Script     7.4.0                 Az.Resources                        {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
Script     3.1.2                 Az.SecurityInsights                 {Get-AzSentinelAlertRule, Get-AzSentinelAlertRuleAction, Get-AzSentinelAlertRuleTemplate, Get-AzSentinelAutomationRule…}
Script     7.3.0                 Az.Storage                          {Add-AzRmStorageContainerLegalHold, Add-AzStorageAccountManagementPolicyAction, Add-AzStorageAccountNetworkRule, Close-AzStorageFileHandle…}
Script     1.1.3                 Az.Tools.Predictor                  {Disable-AzPredictor, Enable-AzPredictor, Open-AzPredictorSurvey, Send-AzPredictorRating}
Script     0.0.0.10              AzureAD.Standard.Preview            {Add-AzureADApplicationOwner, Add-AzureADDeviceRegisteredOwner, Add-AzureADDeviceRegisteredUser, Add-AzureADDirectoryRoleMember…}
Script     0.9.3                 AzurePSDrive

Resource Providers

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported needs-triage This is a new issue that needs to be triaged to the appropriate team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AndreasRogge @Torch02