Azure Government #86

Open
nconder opened this issue Aug 6, 2020 · 8 comments
Comments

nconder commented Aug 6, 2020

Is Azure Government supported? I am 100% confident that the subscription and workspace exists.

```
Get-AzSentinelAlertRule -WorkspaceName "XXXXX" -Verbose
VERBOSE: Getting Worspace from Subscription XXXXXX-XXXXXXX-XXXXXX
VERBOSE: GET https://management.azure.com/subscriptions/XXXXXX-XXXXXXX-XXXXXX/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview with 0-byte payload
VERBOSE: received 129-byte response of content type application/json
Invoke-WebRequest: C:\Users\XXXXXX\Documents\PowerShell\Modules\AzSentinel\0.6.5\AzSentinel.psm1:503
Line |
 503 | … orkspaces = Invoke-webrequest -Uri $uri -Method get -Headers $script: …
     | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | {"error":{"code":"SubscriptionNotFound","message":"The subscription 'XXXXXX-XXXXXXX-XXXXXX' could not be found."}}

ConvertFrom-Json: C:\Users\XXXXXX\Documents\PowerShell\Modules\AzSentinel\0.6.5\AzSentinel.psm1:504
Line |
 504 | … $workspaceObject = ($workspaces.Content | ConvertFrom-Json).value …
     | ~~~~~~~~~~~~~~~~
     | Cannot bind argument to parameter 'InputObject' because it is null.

Write-Error: C:\Users\XXXXXX\Documents\PowerShell\Modules\AzSentinel\0.6.5\AzSentinel.psm1:2446
Line |
2446 | Get-LogAnalyticWorkspace @arguments
     | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Unable to find workspace XXXXXXXX under Subscription Id: XXXXXX-XXXXXXX-XXXXXX
```

latortuga71 commented

@nconder I was able to get it to work for a little bit by using sed to swap out all the API endpoints to the gov equivalent, but then my token would not refresh; not sure why. On another note, is it possible to limit the requests (via a filter?) brought back when using Get-AzSentinelIncident?

john-crouch (Contributor) commented Oct 22, 2020

I forked the project and added an ‘Environment’ parameter, supporting logic, and associated comment-based help: https://github.com/john-crouch/AZSentinel/tree/AzEnvironment

For any of the module's cmdlets, just include -Environment AzureUsGovernment

I'm happy to submit a PR if this is an acceptable solution. @NVolcz @maartengoet @bgelens
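The fix described above boils down to one idea: the module must not hard-code `https://management.azure.com`, because each Azure cloud has its own Resource Manager host and its own token audience. The following PowerShell is an added illustration, not code from the AzSentinel module or from the linked fork. It resolves the ARM endpoint for a named environment through the `Az.Accounts` cmdlets `Get-AzEnvironment` and `Get-AzContext`, refuses to build a request when the signed-in context belongs to a different cloud (the mismatch that shows up as `SubscriptionNotFound` or a 404 in the verbose output), and then builds the same workspaces URI the issue's trace shows. The function name `Get-ArmWorkspacesUri` and the sample subscription id are assumptions made for this example.

```powershell
# Added example (not from the AzSentinel module or the issue's fork).
# Assumes Az.Accounts is installed and Connect-AzAccount has been run with
# -Environment AzureUSGovernment (or AzureCloud for the public cloud).

function Get-ArmWorkspacesUri {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $SubscriptionId,

        # Names match the output of Get-AzEnvironment; AzureCloud is public Azure.
        [ValidateSet('AzureCloud', 'AzureUSGovernment', 'AzureChinaCloud')]
        [string] $Environment = 'AzureCloud'
    )

    # Az.Accounts already knows the per-cloud endpoints; read the ARM base URL
    # from it instead of maintaining a hand-written table or sed-patched module.
    $azEnv = Get-AzEnvironment -Name $Environment
    if (-not $azEnv) { throw "Unknown Azure environment '$Environment'." }
    $baseUri = $azEnv.ResourceManagerUrl.TrimEnd('/')

    # Guard: a token issued for one cloud is rejected by another cloud's ARM
    # endpoint. Catch that before the request rather than after a confusing
    # SubscriptionNotFound / 404 response.
    $ctx = Get-AzContext
    if ($ctx -and $ctx.Environment.Name -ne $Environment) {
        throw ("Current Az context is for '{0}', not '{1}'. " +
               "Run Connect-AzAccount -Environment {1} first.") -f $ctx.Environment.Name, $Environment
    }

    # Same path as the issue's verbose trace; only the host differs per cloud.
    return "$baseUri/subscriptions/$SubscriptionId/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview"
}

# Usage with a constructed (placeholder) subscription id:
Get-ArmWorkspacesUri -SubscriptionId '00000000-0000-0000-0000-000000000000' -Environment AzureUSGovernment
```

For Azure Government, `Get-AzEnvironment -Name AzureUSGovernment` reports `https://management.usgovcloudapi.net/` as `ResourceManagerUrl`, so the returned URI targets that host. Checking the context's environment up front also explains the token-refresh failure mentioned earlier in the thread: patching the URLs alone leaves the authentication side pointed at the public cloud.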

NVolcz (Contributor) commented Nov 9, 2020

Not sure why I was mentioned in this issue :-).

nconder (Author) commented Nov 30, 2020

> I forked the project and added an ‘Environment’ parameter, supporting logic, and associated comment-based help: https://github.com/john-crouch/AZSentinel/tree/AzEnvironment
>
> For any of the module's cmdlets, just include -Environment AzureUsGovernment
>
> I'm happy to submit a PR if this is an acceptable solution. @NVolcz @maartengoet @bgelens

I uninstalled the release and tried your fork and I'm still getting 404s. Looks like the domain is still pointing to the Azure public API "https://management.azure.com".

```
Get-AzSentinelAlertRule -SubscriptionId xxxxxxx-xxxx-xxxxx-xxxxx-xxxxxxxxx -WorkspaceName myworkspace -Verbose
VERBOSE: Getting Worspace from Subscription xxxxxxx-xxxx-xxxxx-xxxxx-xxxxxxxxx
VERBOSE: GET https://management.azure.com/subscriptions/xxxxxxx-xxxx-xxxxx-xxxxx-xxxxxxxxx/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview with 0-byte payload
VERBOSE: received 129-byte response of content type application/json
Get-AzSentinelAlertRule: Response status code does not indicate success: 404 (Not Found).
```

Showing that I'm logged into the Gov environment:

```
Get-AzVM | select location

Location
--------
usgovvirginia
usgovvirginia
usgovvirginia
usgovvirginia
```

nconder (Author) commented Dec 1, 2020

@john-crouch, we identified and resolved the problems causing us to continue to point to Azure Public instead of the GOV domains. While not extensively tested we've validated Get-AzSentinelAlertRule and Get-AzSentinelHuntingRule work as expected but that Export-AzSentinel does not appear to be 'Environment' aware as it throws a "Export-AzSentinel: A parameter cannot be found that matches parameter name 'Environment'." message when the parameter is added. Thanks for your help and quick turnaround!

john-crouch (Contributor) commented

@nconder thanks for the feedback! I've fixed the issue you identified and successfully tested Export-AzSentinel against an Azure Gov subscription.

nconder (Author) commented Dec 15, 2020

> @nconder thanks for the feedback! I've fixed the issue you identified and successfully tested Export-AzSentinel against an Azure Gov subscription.

Hi @john-crouch, have you created a pull request yet? If not, do you need any help to validate?

dave-simons commented

Hi! I need to use AZSentinel with an Azure Gov environment too and am interested in this functionality being rolled up into the release version as well.

No branches or pull requests

5 participants