You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cannot import the specific entity Type "AzureResource"
"Account" and "IP" Types are able to import, but "AzureResource" cannot be imported.
Here is snipped the entityMapping of YAML source. In my understanding, the format is correct (entityType = "AzureResource" and fieldMapping = "ResourceId").
Missed fieldMapping of "Name" identifer. Sentinel imported as "FullName".
The mapping entityType of Account defines "Name", but it was imported as "FullName" about entityType.
- entityType: Account
fieldMappings:
- identifier: Name
columnName: AccountCustomEntity
Can you please advise me how to resolve issues? thanks you.
The text was updated successfully, but these errors were encountered:
Environment
PSVersion 7.2.2
PSEdition Core
OS Microsoft Windows 10.0.22000
AzSentinel 0.6.21
Steps to reproduce
Import the following sample YAML rule.
https://github.com/hisashin0728/SentinelRule_AzureCISBenchmark/blob/main/CIS_521.yaml
Import-AzSentinelAlertRule -SubscriptionId -WorkspaceName -SettingsFile "CIS_521.yaml"
Expected behavior
Successfully to import a rule.
Actual behavior
Succeeded but few parameters are NOT imported.
"Account" and "IP" Types are able to import, but "AzureResource" cannot be imported.
Here is snipped the entityMapping of YAML source. In my understanding, the format is correct (entityType = "AzureResource" and fieldMapping = "ResourceId").
The mapping entityType of Account defines "Name", but it was imported as "FullName" about entityType.
Can you please advise me how to resolve issues? thanks you.
The text was updated successfully, but these errors were encountered: