Closed Wallace4444 closed 10 months ago
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.
Hi @Wallace4444, we are aware of this issue and we're looking into its fix. For now, can you please try installing the schema you need individually? If you get an error with individual schemas as well, please retry 2-3 times. This issue is more related to Log Analytics than Sentinel; we are working with the concerned teams to get this resolved soon. Thank you.
Hi @Wallace4444, hope you are doing well. As this issue has already been reported in the following GitHub issue: https://github.com/Azure/Azure-Sentinel/issues/8623 and is presently under investigation, we recommend monitoring the issue for updates. Consequently, we are closing this issue for the time being. Feel free to comment on #8623 if there is anything you would like to share more. Thank you for your co-operation.
Describe the bug
When deploying ASIM to Azure from https://github.com/Azure/Azure-Sentinel/tree/master/ASIM, the deployment fails.
A number of parsers fail with:
The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure)
At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. (Code: DeploymentFailed), {
"error": {
}
} (Code: Conflict)
Have tested on a brand new Sentinel workspace and it fails with the same error.
Expected behavior
ASIM Parsers deployed successfully.