You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Prompted with message to confirm to proceed below
Confirm
Are you sure you want to perform this action?
Performing the operation "Set-AzSentinel" on target "Do you want to enable Sentinel for Workspace: /subscriptions//resourcegroups/rg-aue-shared-sentinel-005/providers/microsoft.operationalinsights/workspaces/log-aue-shared-sentinel-005".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Should be to set workspace to Sentinel without issue.
Actual behavior
Error returned with
Set-AzSentinel: Unable to enable Sentinel on log-aue-shared-sentinel-005 with error message: Response status code does not indicate success: 400 (Bad Request).
The error 400 happens when invoking request below inside function Set-AzSentinel.
Hi there,
I have had used this module before and I didn't encounter any issue in setting a log analytic workspace to Sentinel until recently.
Getting error message status code 400 when command Set-Sentinel is used.
Your feedback in this matter is much appreciated.
Environment
Steps to reproduce
Set-AzContext -subscription
Set-AzSentinel -WorkspaceName log-aue-shared-sentinel-005
Expected behavior
Prompted with message to confirm to proceed below
Confirm
Are you sure you want to perform this action?
Performing the operation "Set-AzSentinel" on target "Do you want to enable Sentinel for Workspace: /subscriptions//resourcegroups/rg-aue-shared-sentinel-005/providers/microsoft.operationalinsights/workspaces/log-aue-shared-sentinel-005".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Should be to set workspace to Sentinel without issue.
Actual behavior
Error returned with
Set-AzSentinel: Unable to enable Sentinel on log-aue-shared-sentinel-005 with error message: Response status code does not indicate success: 400 (Bad Request).
The error 400 happens when invoking request below inside function Set-AzSentinel.
$result = Invoke-webrequest -Uri $uri -Method Put -Headers $script:authHeader -Body ($body | ConvertTo-Json)
and I suspect it might be caused by 'SecurityInsights($workspace)' where $body hashtable below is constructed.
So I did a debug in powershell windows and noticed that the name still contains $workspace
Replaced with the following
'SecurityInsights({0})' -f $workspaceName
and workspace is to Sentinel without issue.
](https://github.com/wortell/AZSentinel/issues)
The text was updated successfully, but these errors were encountered: