Comments (4)
Hi @jutlag, the property "resourceGroupName" is not part of AzSentinel, so I think you are using the MS PowerShell module. In AzSentinel, Tactics are configured as follows:
-Tactics @("Persistence","LateralMovement")
See the readme for more info.
from azsentinel.
Exactly that is what we tried and still get the same error. The same error message is received.
from azsentinel.
Can you try running it as follows:
AzSentinel\New-AzSentinelAlertRule -WorkspaceName "dev" -DisplayName "test0103" -Description "something" -Severity High -Enabled $true -Query 'SecurityEvent' -QueryFrequency "5H" -QueryPeriod "6H" -TriggerOperator GreaterThan -TriggerThreshold 5 -SuppressionDuration "5h" -SuppressionEnabled $false -Tactics @("Persistence","LateralMovement")
from azsentinel.
I had tried all these options before contacting you guys. I understand the data type expected by the parameter value. I can dump the existing tactics with the get command and see the format used as well. I have taken examples from the ARM templates. I know how the expected data type, i.e. "System.Collections.Generic.IList`1[System.String]", can be constructed and passed. There seems to be a problem in the module code in parsing the data provided to this parameter. I would really appreciate it if you could review the code, please.
from azsentinel.