briandelmsft / STAT-Function

Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)
https://aka.ms/mstat
MIT License

[BUG] Base Module - AddAccountComments parameter is ignored #65

Closed piaudonn closed 4 weeks ago

piaudonn commented 1 month ago

Typo in the code: we check for the parameter AddAccountComment instead of AddAccountComments. As a result, we always add comments for Accounts. https://github.com/briandelmsft/STAT-Function/blob/main/modules/base.py#L61

Need to check whether the other comment parameters need to be plural or not.

briandelmsft commented 1 month ago

Looks like this is probably true for the IP comment too, based on the connector:

https://github.com/briandelmsft/SentinelAutomationModules/blob/ca36f641e7401cc8dcc9cc77f6eac57f0f16ff87/Connector/connector.json#L110

So it looks like it needs to be fixed in these 3 places:

https://github.com/briandelmsft/STAT-Function/blob/48f9183ac44d0415c28813d6279f4f7a281b3276/modules/base.py#L61

https://github.com/briandelmsft/STAT-Function/blob/48f9183ac44d0415c28813d6279f4f7a281b3276/modules/base.py#L64

https://github.com/briandelmsft/STAT-Function/blob/48f9183ac44d0415c28813d6279f4f7a281b3276/modules/base.py#L67
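The failure mode reported in this issue, as an added illustration that is not code from the STAT-Function repository: a lookup with a permissive default hides a misspelled parameter name, and a check of sent keys against the keys the code reads surfaces it. The lookup pattern with a default of `True`, the helper names and the sample request body are assumptions; only `AddAccountComment` and `AddAccountComments` come from the issue.

```python
import difflib


def read_flag(req_body, name, default=True):
    """Lenient lookup (assumed pattern): a missing key silently yields the default."""
    return req_body.get(name, default)


def unread_keys(req_body, keys_read):
    """Map each sent key the code never reads to the closest key it does read.

    A near match points at a spelling mismatch between caller and module;
    None means the key is simply unknown to the module.
    """
    findings = {}
    for sent in req_body:
        if sent in keys_read:
            continue
        close = difflib.get_close_matches(sent, keys_read, n=1, cutoff=0.8)
        findings[sent] = close[0] if close else None
    return findings


# Constructed request body: the caller opts out of account comments.
SAMPLE_BODY = {"AddAccountComments": False}


def demo():
    # Singular name, as described in the issue: the opt-out is never seen.
    buggy = read_flag(SAMPLE_BODY, "AddAccountComment")
    # Plural name, matching what the caller sends: the opt-out is honoured.
    fixed = read_flag(SAMPLE_BODY, "AddAccountComments")
    # The sent key is not among the keys read, and the nearest one is reported.
    findings = unread_keys(SAMPLE_BODY, ["AddAccountComment"])
    return buggy, fixed, findings


if __name__ == "__main__":
    print(demo())
```

Running a check like `unread_keys` in a unit test over each module's expected parameters catches this class of mismatch before an opt-out is silently ignored in production.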