Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License
4.5k stars 2.96k forks

content template $PaloAltoPrismaCloudCWPP not found #9962

Closed ep3p closed 6 months ago

ep3p commented 7 months ago

Describe the bug

I am trying to connect "Palo Alto Prisma Cloud CWPP (using REST API)". I have the "Path to console", the "Prisma Access Key (API)" and the "Secret".

I have followed these steps (https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Palo%20Alto%20Prisma%20Cloud%20CWPP/Data%20Connectors/readme.md).

When trying to connect, it always says "content template $PaloAltoPrismaCloudCWPP not found".

I have tried deleting the solution and installing it again, two times. Always the same error.

Screenshots

image

Additional context

Please, can you imagine what the problem could be?

I have tried to look for the string "$PaloAltoPrismaCloudCWPP" in this repository, and I have not found it. I believe the "$" character might be a problem, because there should be a "PaloAltoPrismaCloudCWPP" template, but maybe not a "$PaloAltoPrismaCloudCWPP"?

v-sudkharat commented 6 months ago

Hi @ep3p, Thanks for flagging this issue. We will investigate this issue and get back to you with some updates by 23-02-2024. Thanks!

v-sudkharat commented 6 months ago

Hi @ep3p, Could you please custom deploy the Solution MainTemplate and check whether your issue gets resolved? Sharing the MainTemplate and Custom Deployment steps:

Custom Deployment - Custom Deployment of the Solution - Copy.docx

MainTemplate - mainTemplate (4).json

Thanks!

ep3p commented 6 months ago

@v-sudkharat it has worked perfectly, thank you very much.

There is only one inconvenience: I have not yet received any event in PrismaCloudCompute_CL, because no alert has happened yet, I believe.

Please give me a week to diagnose whether I receive events, or don't (and should have received events).

v-sudkharat commented 6 months ago

@ep3p, always welcome. So, with your permission, could you please let us know whether we can close this issue? Thanks!

ep3p commented 6 months ago

Thank you again @v-sudkharat

It is working, I have received events. You can consider this issue solved.

v-sudkharat commented 6 months ago

Hi @ep3p, Thank you for your confirmation. Closing this issue. If you still need support for this issue, feel free to re-open it any time. Thank you for your co-operation.

MohamedAli88 commented 3 months ago

We have implemented this solution and we are not getting any events ingested into Sentinel.