Closed Pathward-MikeM closed 8 months ago
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @Pathward-MikeM, thanks for flagging this, we will look into this and provide an update soon.
Hi @Pathward-MikeM, can you please change the runtime version to 4 and restart the function app then check the invocation logs?
Hi @v-rbajaj, I updated the runtime version and am still receiving the same error. Please advise. Thanks!
Hi @Pathward-MikeM, we are checking on this with the team internally and once will receive an update will let you know
Hi @Pathward-MikeM, we are still checking on this with the team internally and once will receive an update will let you know
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @Pathward-MikeM, The error message "invalid ELF header" is related to a module import error in the Azure Function app. The error message indicates that the module "cryptography" is not loading properly The error message suggests that the issue is with the "rust" module, which is a dependency of the "cryptography" module.
Please follow this document for help on troubleshooting. https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/azure-functions/recover-python-functions.md.
Hi @v-rbajaj, this is function app runs from a package file. We do not make changes to the package file as that would prevent future updates - this is Azure best practice. Your recommended path to remediation would involve disabling the run from package setting, thereby preventing future updates. Please correct me if I am wrong here? Thanks!
Hi @Pathward-MikeM, we will get back to you on this.
Hi @Pathward-MikeM, we are looking into the query asked here, we will get back to you once there is an update.
Hi @Pathward-MikeM, we are looking into the query asked here, we will get back to you once there is an update.
Hi @Pathward-MikeM, we are trying to reproduce this issue.
Thanks for your patience @Pathward-MikeM, we are able to reproduce the issue, we are figuring out the fix.
Just wanted to know, have you read the readme file and did the configuration as per the readme file?
Hi @Pathward-MikeM, can you please look into the above comment?
Hi yes I have done all the configuration steps as part of the readme and configuration. Thanks
Is there a way to revert to a previous stable version?
Hi @Pathward-MikeM, I'll get back to you on this as we are reaching out to concerned team. Apologies for the delay in response.
Hi @Pathward-MikeM, sorry for the delay, we are reaching out to concerned team and will get back to you with details by 21st Sept
Hi @Pathward-MikeM, sorry for the delay, we are reaching out to concerned team for this issue.
Hi @Pathward-MikeM, sorry for the delay, we are reaching out to concerned team for this issue, will update you by 17 Oct 2023.
Any updates on this issue, it is after 10/17.
Hi @rcscoggin, sorry for the delay, please give us more time to investigate till 31 Oct 2023.
Hi @Pathward-MikeM , sorry for the delay, please give us more time to investigate till 03 Nov 2023.
Hi @Pathward-MikeM , sorry for the delay, please give us more time to investigate till 08 Nov 2023.
Hi @Pathward-MikeM , we are still investigating on this issue, please give us more time to investigate till 10 Nov 2023.
Is there anything I can do to assist? Are other users not experiencing this issue?
Hi @Pathward-MikeM, Our current challenge centers around identifying a specific missing module in our Function App that is causing this issue which we feel that is the ideal fix. Despite our successful reproduction of the issue via function app deployment on Azure, we still not able to figure out the module, we need to perform local testing, it's noteworthy that other users haven't reported this issue yet.
Hi @Pathward-MikeM ,noticed the issue related to packages while debugging the code and working on it, will update you by 20Nov23
That's great news, thanks, Murali.
From: Murali Krishna Dev Uppugunduri @.> Sent: Thursday, November 16, 2023 9:54 AM To: Azure/Azure-Sentinel @.> Cc: rodger scoggin @.>; Mention @.> Subject: Re: [Azure/Azure-Sentinel] AWS Security Hub Connector invalid ELF header error (Issue #8527)
Hi @Pathward-MikeMhttps://github.com/Pathward-MikeM ,noticed the issue related to packages while debugging the code and working on it, will update you by 20Nov23
— Reply to this email directly, view it on GitHubhttps://github.com/Azure/Azure-Sentinel/issues/8527#issuecomment-1814614206, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABLFCLGBFLC5272WG7ZR2G3YEYSKZAVCNFSM6AAAAAA2I6HBROVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMJUGYYTIMRQGY. You are receiving this because you were mentioned.Message ID: @.***>
Hi @Pathward-MikeM , fixed few dependency issues as there are version compatible issues, so it's taking time to address those issues, will get back to you updates by 23Nov23.Thanks.
Hi @Pathward-MikeM ,I have fixed locally fixed the packages issues and deployed from VS code,Please find below screen shot for reference with incremented python version i.e.3.9,having packaging issues,once done,will share the package for testing
Hi @v-muuppugund any update?
Hi @Pathward-MikeM ,Apologies for late response,as blocked with high priority issue, unable to focus on this issue,will get back to you with an update by 13Dec2023.
Hi @Pathward-MikeM ,Apologies for late response,as blocked with high priority issue, unable to focus on this issue,will get back to you with an update by 13Dec2023. Hi @Pathward-MikeM ,Till yesterday working on the high priority issue,will focus on this asap and share updates
Hi team, any update?
Hi @Pathward-MikeM ,Working on this one,will share updates by eod
Hi @Pathward-MikeM ,Please use the package url i.e. https://github.com/Azure/Azure-Sentinel/raw/users/v-muuppugund/AWSchanges/DataConnectors/AWS-SecurityHubFindings/AzFunAWSSecurityHubIngestion.zip point this url to WEBSITE_RUN_FROM_PACKAGE in existing function app settings and restart the function app,please let me know if you have any issues,will connect over teams meeting.
Hi @v-muuppugund, good morning! I unfortuntaly am still receiving an error. Screenshot is attached.
Hi @Pathward-MikeM ,Apologies for the delayed response,for me i am not getting issues as i don't have valid account credentials to check this issue,Could you please share email id and conveninet time slots for trouble shooting this issue via teams meeting
Hi, can you drop your email and I will send you an email with availability? Thank you!
Hi @Pathward-MikeM ,Apologies for the delayed response, don't see email id from profile,could you please share couple of time slots to (v-muuppugund@microsoft.com) for teams meeting,Thanks
Hi @Pathward-MikeM, Could you please confirm have you sent your slot time on above mentioned mail id? Thanks!
Hi all, yes I have sent an email to begin scheduling a call. Thanks!
Hi @Pathward-MikeM ,Blocked time for the issue troubleshooting, please let me know if this time isn't convenient.
Hi @Pathward-MikeM ,As discussed over call today ,I am trying the set up in our AWS environment and will update you
Hi @Pathward-MikeM ,As discussed on last Thursday call i,e. 28Dec2023, the initial error is fixed with the package shared by me and the error now getting while token generation and we have environment and i am working on using that replicating the same issue at my end if required will let you know.
Describe the bug AWS Security Hub function app has an error "invalid ELF header". Copy of error here:
Result: Failure Exception: ImportError: /home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: invalid ELF header. Troubleshooting Guide: https://aka.ms/functions-modulenotfound Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 314, in _handle__function_load_request func = loader.load_function( File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 42, in call raise extend_exception_message(e, message) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 40, in call return func(*args, **kwargs) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/loader.py", line 85, in load_function mod = importlib.import_module(fullmodname) File "/usr/local/lib/python3.8/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1014, in _gcd_import File "<frozen (... etc etc)
To Reproduce This is a read only app that is ran from a vendor managed package. We have made no custom changes on our end. To replicate, simply deploy the function app and wait for the error to populate.
Expected behavior No ELF header error, expected behavior is ingestion of AWS Security Hub findings into Sentinel.
Screenshots
Desktop (please complete the following information):