Azure / Azure-Sentinel-Notebooks

Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
MIT License

Data processing issue with Azure Sentinel Template: Guided Investigation - Process Alerts.ipynb #117

Open khangm opened 2 years ago

khangm commented 2 years ago

Error found in "Show these related alerts on a graph" and "Browse List of Related Alerts" sections when processing data for displaying. Various errors were displayed. Here is the top and bottom part of the output.

AttributeError                            Traceback (most recent call last)
in
      2
      3 if related_alerts is not None and not related_alerts.empty:
----> 4 rel_alert_graph = security_alert_graph.add_related_alerts(related_alerts=related_alerts,
        global rel_alert_graph = undefined
        global security_alert_graph.add_related_alerts =
        global related_alerts = TenantId TimeGenerated \
        0 xxxxxxxx-xxxx-4e32-xxxx-9bc4bxxx075e 2021-10-26 10:30:18.562000+00:00
        1 xxxxxxxx-xxxx-4e32-xxxx-9bc4bxxx075e 2021-10-26 10:30:18.333000+00:00
        ......
        ......
        entity_type_name = 'url'
        raw_entity = {'$id': '13', 'Url': 'https://on-d.oss-cn-shenzhen.aliyuncs.com/download/%E5%8C%97%E4%BA%AC%E5%B8%82%E7%BD%91%E4%B8%8A%E7%A8%8E%E5%8A%A1%E5%B1%80%28%E8%87%AA%E7%84%B6%E4%BA%BA%E7%89%88%29_01210003296.exe', 'Type': 'url'}
    450
    451 raise TypeError("Could not find a suitable type for {}".format(entity_type))

/anaconda/envs/azureml_py38/lib/python3.8/site-packages/msticpy/datamodel/entities/url.py in __init__(self=Url(Type=url), src_entity={'$id': '13', 'Type': 'url', 'Url': 'https://on-d.oss-cn-shenzhen.aliyuncs.com/downlo...%AA%E7%84%B6%E4%BA%BA%E7%89%88%29_01210003296.exe'}, **kwargs={})
     31 """
     32 super().__init__(src_entity=src_entity, **kwargs)
---> 33 if self.Url:
        self.Url = undefined
     34 self.__dict__.update(url_components(self.Url))
     35

/anaconda/envs/azureml_py38/lib/python3.8/site-packages/msticpy/datamodel/entities/entity.py in __getattr__(self=Url(Type=url), name='Url')
    196 if name in self._entity_schema:
    197 return None
--> 198 raise AttributeError(f"{name} is not a valid attribute.")
        global AttributeError = undefined
    199
    200 def __iter__(self):

AttributeError: Url is not a valid attribute.

ianhelle commented 2 years ago

We've updated the Url entity since this version so it no longer tries to access its URL property. We're also planning to update these notebooks in the next couple of months (this one was written aeons ago) so I'll try to check this one out and see that it works properly with up-to-date versions of msticpy.

Thanks for reporting the issue,

ianhelle commented 2 years ago

Leaving open for tracking
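
An added example, not part of the thread and not msticpy's code: stand-in classes that reproduce the failure mode visible in the traceback (a schema-driven `__getattr__` raising inside `__init__`), next to a constructor that reads the raw entity dict instead, and a wrapper that keeps one bad entity from aborting alert processing. The class names, the local `url_components` helper, `try_build`, the sample entity, and the assumed cause (the schema declares `url` while the raw key is `Url`) are all assumptions made for illustration.

```python
from urllib.parse import urlsplit


def url_components(url):
    # Local stand-in helper (hypothetical), not msticpy's function of the same name.
    parts = urlsplit(url)
    return {"scheme": parts.scheme, "host": parts.hostname, "path": parts.path}


class Entity:
    _entity_schema = {}

    def __init__(self, src_entity=None):
        # Assumption: only keys declared in the schema are copied from the raw entity.
        for key, value in (src_entity or {}).items():
            if key in self._entity_schema:
                self.__dict__[key] = value

    def __getattr__(self, name):
        # Same shape as the entity.py lines shown in the traceback.
        if name in self._entity_schema:
            return None
        raise AttributeError(f"{name} is not a valid attribute.")


class BrokenUrl(Entity):
    _entity_schema = {"url": None}  # assumed casing mismatch with raw key "Url"

    def __init__(self, src_entity=None):
        super().__init__(src_entity=src_entity)
        if self.Url:  # raises: "Url" is neither set nor in the schema
            self.__dict__.update(url_components(self.Url))


class TolerantUrl(Entity):
    _entity_schema = {"url": None}

    def __init__(self, src_entity=None):
        super().__init__(src_entity=src_entity)
        # Read the raw dict case-insensitively instead of using attribute access.
        raw = {k.lower(): v for k, v in (src_entity or {}).items()}
        if raw.get("url"):
            self.__dict__["url"] = raw["url"]
            self.__dict__.update(url_components(raw["url"]))


def try_build(cls, raw_entity):
    # Return (entity, None) or (None, error text) so a loop over alerts can continue.
    try:
        return cls(src_entity=raw_entity), None
    except AttributeError as err:
        return None, str(err)


# Constructed sample entity; the URL is a placeholder, not the one from the report.
SAMPLE = {"$id": "13", "Url": "https://files.example.test/download/setup.exe", "Type": "url"}
```
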