Microsoft.SecurityInsights api-version 2019-01-01 - ThreatIntelligenceAlertRuleProperties - Severity/displayName is not ReadOnly #14213

Open
kaovd opened this issue May 2, 2021 · 2 comments
Labels: question, SecurityInsights, Service Attention

kaovd commented May 2, 2021

While implementing the securityinsight.ThreatIntelligenceAlertRule type, there appears to be a mismatch between the API spec and the actual backend. Received the below error when creating an alert rule from a template:


{"kind":"ThreatIntelligence","properties":{"alertRuleTemplateName":"0dd422ee-e6af-4204-b219-f59ac172e4c6","enabled":false}}
2021/05/02 10:27:22 [DEBUG] AzureRM Response for https://management.azure.com/subscriptions/[redacted]/resourceGroups/acctestRG-sentinel-210502102421773467/providers/Microsoft.OperationalInsights/workspaces/acctestLAW-210502102421773467/providers/Microsoft.SecurityInsights/alertRules/acctest-SentinelAlertRule-ThreatIntelligence-210502102421773467?api-version=2019-01-01-preview: 
HTTP/2.0 400 Bad Request
-- snipped --

{"error":{"code":"BadRequest","message":"Required property 'severity' not found in JSON. Path 'properties', line 3, position 17."}}

This appears to be implemented correctly as readonly in the Go SDK here - from this I'm guessing this must be a backend issue. severity and displayName should both be readonly although they are required. See below for a successful API request:
image

@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels May 2, 2021
@leni-msft leni-msft added SecurityInsights Service Attention Workflow: This issue is responsible by Azure service team. labels May 3, 2021
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label May 3, 2021
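
The mismatch reported above, as an added example that is not part of the original issue and not the Go SDK's code: a client type that serializes only the writable fields (as a spec marking `severity` and `displayName` readOnly implies) produces the request body shown in the log, and a stand-in for the backend's check lists the properties it would reject as missing. The type `tiRuleProps`, the functions `buildBody` and `missingRequired`, and the required-property list are assumptions taken from the issue's description.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// tiRuleProps is a hypothetical model of the properties object in the issue.
type tiRuleProps struct {
	AlertRuleTemplateName string // writable
	Enabled               bool   // writable
	Severity, DisplayName string // readOnly according to the spec
}

// MarshalJSON emits only the writable fields, so read-only values never reach the wire.
func (p tiRuleProps) MarshalJSON() ([]byte, error) {
	w := map[string]interface{}{"alertRuleTemplateName": p.AlertRuleTemplateName, "enabled": p.Enabled}
	return json.Marshal(w)
}

// buildBody returns the request body for a ThreatIntelligence alert rule.
func buildBody(p tiRuleProps) ([]byte, error) {
	return json.Marshal(struct {
		Kind       string      `json:"kind"`
		Properties tiRuleProps `json:"properties"`
	}{"ThreatIntelligence", p})
}

// missingRequired stands in for the backend check (assumed list, from the issue text).
func missingRequired(body []byte) ([]string, error) {
	var doc struct {
		Properties map[string]json.RawMessage `json:"properties"`
	}
	if err := json.Unmarshal(body, &doc); err != nil {
		return nil, err
	}
	var missing []string
	for _, name := range []string{"severity", "displayName"} {
		if _, ok := doc.Properties[name]; !ok {
			missing = append(missing, name)
		}
	}
	return missing, nil
}

func main() {
	body, _ := buildBody(tiRuleProps{AlertRuleTemplateName: "0dd422ee-e6af-4204-b219-f59ac172e4c6", Severity: "High"})
	missing, _ := missingRequired(body)
	fmt.Printf("%s\nmissing: %v\n", body, missing)
}
```

Setting `Severity` on the client side changes nothing in the body, which is why the request fails no matter what the caller supplies.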

ghost commented May 3, 2021

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.

Issue Details

Author: kaovd
Assignees: leni-msft
Labels: SecurityInsights, Service Attention, needs-triage, question

Milestone: -


kaovd commented Jun 17, 2021

This is also broken in 2021-03-01-preview API Spec @anat-gilenson
image

#14753
