Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

AWS Security Hub Connector invalid ELF header error #8527

Closed Pathward-MikeM closed 8 months ago

Pathward-MikeM commented 1 year ago

Describe the bug

AWS Security Hub function app has an error "invalid ELF header". Copy of error here:

Result: Failure
Exception: ImportError: /home/site/wwwroot/.python_packages/lib/site-packages/cryptography/hazmat/bindings/_rust.abi3.so: invalid ELF header. Troubleshooting Guide: https://aka.ms/functions-modulenotfound
Stack:
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 314, in _handle__function_load_request
    func = loader.load_function(
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 42, in call
    raise extend_exception_message(e, message)
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/utils/wrappers.py", line 40, in call
    return func(*args, **kwargs)
  File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/loader.py", line 85, in load_function
    mod = importlib.import_module(fullmodname)
  File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "<frozen (... etc etc)

To Reproduce

This is a read-only app that is run from a vendor-managed package. We have made no custom changes on our end. To replicate, simply deploy the function app and wait for the error to populate.

Expected behavior

No ELF header error, expected behavior is ingestion of AWS Security Hub findings into Sentinel.

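A pre-deployment check for the error reported above, as an added example that is not part of the original thread or the connector's code: it reads the first 20 bytes of every `.so` member of a deployment zip and reports the ones a Linux x86-64 loader (the `LINUX/X64` worker in the trace) would reject. The thread does not state the root cause; the function names and the sample package are constructed for illustration.

```python
import io
import struct
import zipfile

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB, EM_X86_64 = 2, 1, 62  # e_ident[4], e_ident[5], e_machine

def check_elf_header(data: bytes) -> str:
    """Return 'ok', or why the bytes are not a Linux x86-64 ELF header."""
    if len(data) < 20:
        return "truncated"
    if data[:4] != ELF_MAGIC:
        if data[:2] == b"MZ":
            return "not ELF (PE/Windows)"
        if data[:4] in (b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"):
            return "not ELF (Mach-O/macOS)"
        return "not ELF"
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        return "not 64-bit little-endian"
    (machine,) = struct.unpack_from("<H", data, 18)  # e_machine sits at offset 18
    return "ok" if machine == EM_X86_64 else f"wrong machine ({machine})"

def scan_package(zip_bytes: bytes) -> dict:
    """Map every shared-object member of a zip package to its header verdict."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".so") or ".so." in name:
                with zf.open(name) as fh:
                    results[name] = check_elf_header(fh.read(20))
    return results

def build_sample_package() -> bytes:
    """Constructed sample: one valid-looking header, one PE stub, one empty file."""
    good = (ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0]) + bytes(8)
            + struct.pack("<HH", 3, EM_X86_64))  # e_type=ET_DYN, e_machine
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pkg/good.abi3.so", good)
        zf.writestr("pkg/windows_build.so", b"MZ" + bytes(62))
        zf.writestr("pkg/empty.so", b"")
    return buf.getvalue()

if __name__ == "__main__":
    for member, verdict in scan_package(build_sample_package()).items():
        print(f"{verdict:28} {member}")
```
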

v-muuppugund commented 9 months ago

Hi @Pathward-MikeM, I have created security hub in our environment and role, debugging it. Will update you and trying to replicate the second issue after first issue fix at my end.


v-muuppugund commented 9 months ago

Hi @Pathward-MikeM, still working on fixes in the environment created, will update you. Once fix is completed, will block your calendar.

v-muuppugund commented 9 months ago

Hi @Pathward-MikeM, still need some time to complete debugging, will share an update this week and will block your calendar for the same.

v-muuppugund commented 9 months ago

Hi @Pathward-MikeM, fixed the issues while generating token, please find below screenshot for reference. Please share a convenient time slot for a Teams meeting.

v-muuppugund commented 8 months ago

Hi @Pathward-MikeM, tomorrow's call has been scheduled for redeploying the entire solution; the earlier call fixed AWS permissions and Azure Function configuration issues.

v-muuppugund commented 8 months ago

Hi @Pathward-MikeM, as discussed over Teams, confirmed the issue has been resolved, so closing this issue (https://github.com/Azure/Azure-Sentinel/issues/8527). Will be raising the PR and posting updates over chat. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation!

CyberHunter7 commented 8 months ago

Hi @v-muuppugund we have been waiting for a fix for this issue for a couple of months now. We see it's marked as resolved, we have deployed to Azure once again but the original message error is still there. Could you please confirm if the AzFunAWSSecurityHubIngestion.zip is now updated on (Azure-Sentinel/DataConnectors/AWS-SecurityHubFindings) to reflect the last updates? If yes, could we schedule a call in order to look into this matter? Thank you.

v-muuppugund commented 8 months ago

Will be raising PR, will update you

v-muuppugund commented 8 months ago

@CyberHunter7 raised PR for it: https://github.com/Azure/Azure-Sentinel/pull/9910

CyberHunter7 commented 8 months ago

Hi @v-muuppugund, any news?

v-muuppugund commented 8 months ago

Hi @CyberHunter7, working on PR push. As team has asked me to check another issue, i.e. dependency bot version compatibility issue for this connector, I am occupied with other items and didn't get a chance to check it. Will be checking that also and pushing it.

v-muuppugund commented 8 months ago

Hi @CyberHunter7, I have completed the package compatibility for cryptography version upgrade by dependency bot and PR is under review, as team asked me to check on another item for the same connector. Will update you once completed.

CyberHunter7 commented 7 months ago

Hi @v-muuppugund Thank you for your support. It's working now.

CyberHunter7 commented 7 months ago

Hi @Pathward-MikeM since you opened this issue, just checking if you noticed that events related to Macie and GuardDuty, even if they are showing in Security Hub (in the AWS console or AWS CLI output), do not appear on the Azure Log Analytics side? What's visible on the Azure Log Analytics side are only events related to security standards.

Pathward-MikeM commented 7 months ago

Yes, I have experienced issues with the connector since update. @CyberHunter7 have you found any workarounds?

CyberHunter7 commented 7 months ago

@Pathward-MikeM I opened an issue about it here.

https://github.com/Azure/Azure-Sentinel/issues/10180#issue-2195610254