Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set-Sentinel returns with status code 400 #192

Open
Nickteekw opened this issue Nov 15, 2021 · 0 comments · May be fixed by #193
Open

Set-Sentinel returns with status code 400 #192

Nickteekw opened this issue Nov 15, 2021 · 0 comments · May be fixed by #193

Comments

@Nickteekw
Copy link

Hi there,

I have had used this module before and I didn't encounter any issue in setting a log analytic workspace to Sentinel until recently.

Getting error message status code 400 when command Set-Sentinel is used.

Your feedback in this matter is much appreciated.

Environment

Windows build number: Version 10.0.18363.1854
PowerShell version (if applicable): 7.2.0

Any other software?

Steps to reproduce

Set-AzContext -subscription

Set-AzSentinel -WorkspaceName log-aue-shared-sentinel-005

Expected behavior

Prompted with message to confirm to proceed below
Confirm
Are you sure you want to perform this action?
Performing the operation "Set-AzSentinel" on target "Do you want to enable Sentinel for Workspace: /subscriptions//resourcegroups/rg-aue-shared-sentinel-005/providers/microsoft.operationalinsights/workspaces/log-aue-shared-sentinel-005".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y

Should be to set workspace to Sentinel without issue.

Actual behavior

Error returned with

Set-AzSentinel: Unable to enable Sentinel on log-aue-shared-sentinel-005 with error message: Response status code does not indicate success: 400 (Bad Request).

The error 400 happens when invoking request below inside function Set-AzSentinel.

$result = Invoke-webrequest -Uri $uri -Method Put -Headers $script:authHeader -Body ($body | ConvertTo-Json)

and I suspect it might be caused by 'SecurityInsights($workspace)' where $body hashtable below is constructed.

So I did a debug in powershell windows and noticed that the name still contains $workspace

image

Replaced with the following

'SecurityInsights({0})' -f $workspaceName

and workspace is to Sentinel without issue.

](https://github.com/wortell/AZSentinel/issues)

@Nickteekw Nickteekw changed the title Bug Report Set-Sentinel returns with status code 400 Nov 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant