Open kieranwalsh opened 1 year ago
@JoyerJin do you have updates for this issue?
According to the HTTP traffic, the top parameter was sent to the backed. We will contack Security Insights team for furthur debugging.
I'll loop in security insights team to look into the issue why the"top" parameter doesn't work.
At the meantime @kieranwalsh it would be great if you could share the debug log (put $DebugPreference = 'Continue'
before the Get
command) and don't forget to double check for sensitive info before posting.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @nazang.
I'll loop in security insights team to look into the issue why the"top" parameter doesn't work. At the meantime @kieranwalsh it would be great if you could share the debug log (put
$DebugPreference = 'Continue'
before theGet
command) and don't forget to double check for sensitive info before posting.
Hi @isra-fel I did use the $DebugPreference = 'Continue'
initially, but as there are 98k incidents there was far too much data to use. Is there anything else I can try to give useful data but also limit the amount?
The debug log would have both HTTP request and response. We are more interested in the request (about the beginning 30 lines) because we can narrow down if the issue is in the client or server.
Description
The Get-AzSentinelIncident switch "-top" does not list the number of incidents requested, but instead, it lists all incidents - which can be in the 1,000s.
Issue script & Debug output
Environment data
Module versions
Error output