Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

Cannot use PUT HTTP method to create or update azure sentinel incidents using REST API #2924

Closed shikhin-metron closed 3 years ago

shikhin-metron commented 3 years ago

<Response [405]> {"error":{"code":"UnsupportedApiVersion","message":"The HTTP resource that matches the request URI 'https://weu.rp.asi.azure.com/subscriptions/{subscriptionid}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents' with API version '2021-04-01' does not support HTTP method 'PUT'.","innerError":null}}

My resource group location is UK South. I am trying to use the documentation here: https://docs.microsoft.com/en-us/rest/api/securityinsights/incidents/create-or-update. I tried GET incidents and that worked fine, but PUT is not working. I tried using different API versions, but it is still not working. Is there any solution or alternative for this? I am sorry if this is the wrong place to ask.

github-actions[bot] commented 3 years ago

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

sarah-yo commented 3 years ago

@shikhin-metron can you share your PUT request (you can hide IDs etc) as it sounds like the request is wrong?

Are you adding a valid incident ID that hasn't been used before in your workspace to your request? This is a common mistake we see with this part of the API.

shikhin-metron commented 3 years ago

@shikhin-metron can you share your PUT request (you can hide IDs etc) as it sounds like the request is wrong?

Are you adding a valid incident ID that hasn't been used before in your workspace to your request? This is a common mistake we see with this part of the API.

import json
import requests
# access_token, subscriptionId, resourceGroupName, workspaceName and data are defined earlier (not shown here)
header_json = {"Authorization": "Bearer %s" % access_token, "Content-Type": "application/json"}
url = "https://management.azure.com/subscriptions/" + subscriptionId + "/resourceGroups/" + resourceGroupName + "/providers/Microsoft.OperationalInsights/workspaces/" + workspaceName + "/providers/Microsoft.SecurityInsights/incidents?api-version=2021-04-01"
response = requests.post(url, data=json.dumps(data), headers=header_json)  # POST against the collection URL, no incident ID in the path

In the data variable I have the exact JSON data for an incident with a small status change (to check whether it updates in the Azure Sentinel portal); I saw that JSON when I did the GET request before and copy-pasted it. I am not passing the incident ID in any other way except in the JSON in the data variable; do I need to send it outside that as well? I am trying to update, not create.

shikhin-metron commented 3 years ago

I noticed that I used a POST request instead of PUT, my mistake. After trying with PUT I still get a similar error: <Response [405]> {"error":{"code":"UnsupportedApiVersion","message":"The HTTP resource that matches the request URI 'https://weu.rp.asi.azure.com/subscriptions/{subscriptionID}/resourceGroups/{resourcegroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents' with API version '2021-04-01' does not support HTTP method 'PUT'.","innerError":null}}

shikhin-metron commented 3 years ago

It is working now. I found out that I need to put the incident name in the URL after "incidents/". Is there any way to access incidents using the incident number?
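A worked version of the fix this thread arrives at (PUT against the per-incident URL .../incidents/{incidentName}, not the bare collection), added here as an illustration and not code from the issue or the Azure-Sentinel repository. The URL shape and api-version come from the thread; the helper names, the GET-modify-PUT flow and the pluggable session object are my assumptions.

```python
import requests

API_VERSION = "2021-04-01"  # api-version used throughout the thread
ARM = "https://management.azure.com"


def incident_url(subscription_id, resource_group, workspace, incident_name=None):
    """ARM URL of the incident collection, or of one incident when a name is given."""
    url = (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
           f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
           f"/providers/Microsoft.SecurityInsights/incidents")
    if incident_name:
        url += f"/{incident_name}"  # PUT only works on this per-incident form
    return f"{url}?api-version={API_VERSION}"


def make_session(access_token):
    """requests.Session carrying the bearer token (hypothetical helper)."""
    session = requests.Session()
    session.headers.update({"Authorization": f"Bearer {access_token}"})
    return session


def update_incident_status(session, subscription_id, resource_group, workspace,
                           incident_name, new_status):
    """GET the incident, change properties.status, PUT the whole body back.

    `session` is anything with requests-style get()/put(), so a fake can be
    injected to run the flow offline. Returns the server's response body.
    """
    if not incident_name:
        # Guard against the 405 seen in the thread: PUT against the bare
        # /incidents collection is not supported by this API version.
        raise ValueError("incident_name is required: PUT targets /incidents/{name}")
    url = incident_url(subscription_id, resource_group, workspace, incident_name)
    current = session.get(url)
    current.raise_for_status()
    body = current.json()
    body["properties"]["status"] = new_status
    updated = session.put(url, json=body)  # same URL as the GET, now with PUT
    updated.raise_for_status()
    return updated.json()


if __name__ == "__main__":
    # Placeholder values; replace with your own IDs and a real token.
    s = make_session("<access_token>")
    print(update_incident_status(s, "<subscriptionId>", "<resourceGroupName>",
                                 "<workspaceName>", "<incidentName>", "Closed"))
```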
