Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

Wrong use of label notation in Office365 workbook #2480

Closed josephka3 closed 3 years ago

josephka3 commented 3 years ago

In the O365 workbook below, it is given in multiple places as "{Workload:lable}". The spelling of "label" is wrong here; it is given as "lable": https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/Office365.json

As shown in the doc below, it should be "label": https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-dropdowns#drop-down-parameter-options

It is not detected by the editor either, probably because it considers it a string. Since it is part of the OR condition in the queries, the workbook works. Kindly rectify this if my understanding of the above is right.
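A check of the kind the report above calls for, as an added example that is not part of the original issue or of the Azure-Sentinel repository: it walks a workbook JSON document, flags every `{Param:suffix}` reference whose suffix is not on an allowlist, and suggests the nearest known suffix. The allowlist (only `label` is confirmed by the issue), the function names and the sample workbook are assumptions constructed for illustration.

```python
import difflib
import json
import re

# Assumption: suffixes this check accepts. Only "label" is confirmed by the
# issue; the rest is an illustrative allowlist to adjust for your workbooks.
KNOWN_FORMATTERS = {"label", "value", "escape", "start", "end", "grain", "query"}

# Matches a parameter reference with a formatter, e.g. {Workload:label}
PARAM_REF = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*):([A-Za-z]+)\}")


def iter_strings(node, path="$"):
    """Yield (json_path, string) for every string value in a parsed workbook."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")


def find_unknown_formatters(workbook_json, known=KNOWN_FORMATTERS):
    """Return one finding per {Param:suffix} reference with an unknown suffix."""
    findings = []
    for path, text in iter_strings(json.loads(workbook_json)):
        for param, suffix in PARAM_REF.findall(text):
            if suffix.lower() in known:
                continue
            guess = difflib.get_close_matches(suffix.lower(), sorted(known), n=1)
            findings.append({"path": path,
                             "reference": f"{{{param}:{suffix}}}",
                             "suggestion": guess[0] if guess else None})
    return findings


# Constructed sample, not the real Office365.json: a misspelled reference in a
# query string (still valid JSON, so an editor accepts it) and a correct one.
SAMPLE_WORKBOOK = json.dumps({"items": [
    {"type": 3, "content": {"query": 'OfficeActivity | where "{Workload:lable}"'
                                     ' == "All" or OfficeWorkload in ({Workload})'}},
    {"type": 1, "content": {"json": "Activity for {Workload:label}"}},
]})

if __name__ == "__main__":
    for finding in find_unknown_formatters(SAMPLE_WORKBOOK):
        print(finding)
```

Run against a workbook file in CI, a non-empty result can fail the build before a misspelled reference reaches a deployed workbook.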

github-actions[bot] commented 3 years ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

v-jayakal commented 3 years ago

The workbook has been modified; changes will be deployed in the next deployment. Please reopen the issue.
