briandelmsft / SentinelAutomationModules

The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
MIT License

STAT Support in DoD #417

Closed brandonconn03 closed 2 months ago

brandonconn03 commented 1 year ago

Is your feature request related to a problem? Please describe. I've tried to incorporate it into an existing IL4/5 (DoD) environment and am having issues with APIs. I've been able to solve a significant number of issues, but the 'RelatedAlerts' module continues to give me issues with HTTP requests.

Describe the solution you'd like I would like to request a proper ARM template deployment for STAT in DoD.

Describe alternatives you've considered I've been able to solve a significant number of API issues by updating to approved API versions (management.azure.com, https://api.loganalytics.io, and https://graph.microsoft.com/v1.0), but there are some issues/errors (404) I cannot troubleshoot.

Additional context [screenshot: RelatedAlerts-ScopeAPI] This always returns a "subscription not found" 404 error, but the subscription ID is 100% correct per the Parse JSON results.

briandelmsft commented 1 year ago

@brandonconn03 when you ran into this error had you changed the endpoint in the screenshot to management.usgovcloudapi.net or was it using management.azure.com? Can you provide the details from the error in the failed run of the logic app (please feel free to redact any identifying details of course)?

We have only tested STAT to date in Commercial Azure paired with Commercial Office 365 and Commercial Azure paired with GCC Medium Office 365. In your case you are using Azure Gov in one of the DoD regions and Office 365 in GCC DoD?

brandonconn03 commented 1 year ago

@briandelmsft I apologize for my delayed response as I have been TDY.

I was using management.azure.com and not management.usgovcloudapi.net. I can test with the usgovcloudapi URL to see if that changes anything.

Yes, I am using Azure Gov in one of the USGov regions and Office 365 in GCC DoD as the office data connectors are not supported in USGov.

brandonconn03 commented 1 year ago

After updating the API I had to troubleshoot the 'scope - api calls', as I was receiving a 404 message (not previously an issue). I added a Sentinel 'Get incident (Preview)' trigger to step through it, but now I receive a 405 'MethodNotAllowed' message on the HTTP-Get Incident.

I've updated the URI to include a property for the Incident ARM ID to see if that resolves it. Will provide feedback.

briandelmsft commented 11 months ago

Hi @brandonconn03, unfortunately I don't have the necessary access to test much of this. In our STAT v2 release (Preview Version here), you can customize any of the endpoints via simple environment variables, so it's much easier to try different combinations. This version uses an Azure Function app for the backend instead of a series of Logic Apps.
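
Per-cloud endpoint selection driven by environment variables, in the spirit of the v2 approach described above, as an added example that is not STAT's own code. The commercial hosts and management.usgovcloudapi.net come from this thread; the remaining Azure Government hosts are Microsoft's published sovereign-cloud endpoints. The STAT_*_ENDPOINT variable names and the api-version default are assumptions for this illustration, not STAT's configuration. The cross-cloud check catches the specific misconfiguration discussed earlier in the thread: calling the commercial ARM host with an Azure Government subscription ID yields a "subscription not found" 404, because that subscription simply does not exist in the commercial cloud.

```python
import os
from urllib.parse import urlparse

# Default service endpoints per Azure cloud. Commercial hosts and
# management.usgovcloudapi.net appear in the issue thread; the other Gov hosts
# are Microsoft's published Azure Government endpoints.
CLOUD_DEFAULTS = {
    "AzureCloud": {
        "ARM": "https://management.azure.com",
        "LOGANALYTICS": "https://api.loganalytics.io",
        "GRAPH": "https://graph.microsoft.com",
    },
    "AzureUSGovernment": {
        "ARM": "https://management.usgovcloudapi.net",
        "LOGANALYTICS": "https://api.loganalytics.us",
        # GCC High default; DoD tenants override this to dod-graph.microsoft.us
        "GRAPH": "https://graph.microsoft.us",
    },
}

COMMERCIAL_HOSTS = {urlparse(u).hostname for u in CLOUD_DEFAULTS["AzureCloud"].values()}


def resolve_endpoints(cloud, env=None):
    """Return base URLs for `cloud`, letting an env var override each one.

    The STAT_<NAME>_ENDPOINT variable names are an assumption for this
    example, not STAT's real settings. Every value must be an https URL.
    """
    env = os.environ if env is None else env
    if cloud not in CLOUD_DEFAULTS:
        raise ValueError(f"unknown cloud {cloud!r}")
    resolved = {}
    for name, default in CLOUD_DEFAULTS[cloud].items():
        value = env.get(f"STAT_{name}_ENDPOINT", default).rstrip("/")
        parsed = urlparse(value)
        if parsed.scheme != "https" or not parsed.hostname:
            raise ValueError(f"{name} endpoint must be an https URL, got {value!r}")
        resolved[name] = value
    return resolved


def find_cross_cloud_endpoints(cloud, endpoints):
    """Names of endpoints still pointing at commercial Azure when the target
    cloud is sovereign. A Gov subscription ID sent to management.azure.com is
    unknown there, which is what surfaces as a 'subscription not found' 404."""
    if cloud == "AzureCloud":
        return []
    return sorted(n for n, u in endpoints.items() if urlparse(u).hostname in COMMERCIAL_HOSTS)


def incident_url(arm_endpoint, incident_arm_id, api_version="2023-02-01"):
    """Build the ARM GET URL for a Sentinel incident from its full ARM resource ID.

    The api-version default is an assumption; use one approved in your cloud.
    """
    if not incident_arm_id.startswith("/subscriptions/"):
        raise ValueError("expected a full ARM resource ID starting with /subscriptions/")
    if "/providers/Microsoft.SecurityInsights/incidents/" not in incident_arm_id:
        raise ValueError("not a Microsoft Sentinel incident resource ID")
    return f"{arm_endpoint}{incident_arm_id}?api-version={api_version}"


if __name__ == "__main__":
    # Constructed sample: Azure Government paired with a DoD Graph override.
    sample_env = {"STAT_GRAPH_ENDPOINT": "https://dod-graph.microsoft.us"}
    eps = resolve_endpoints("AzureUSGovernment", sample_env)
    print(eps)
    print(find_cross_cloud_endpoints("AzureUSGovernment", eps))
    # Misconfiguration: ARM left on the commercial host.
    print(find_cross_cloud_endpoints("AzureUSGovernment", dict(eps, ARM="https://management.azure.com")))
    # Constructed incident resource ID (placeholder subscription GUID).
    incident_id = (
        "/subscriptions/00000000-0000-0000-0000-000000000000"
        "/resourceGroups/rg-sentinel/providers/Microsoft.OperationalInsights"
        "/workspaces/ws-sentinel/providers/Microsoft.SecurityInsights/incidents/abc"
    )
    print(incident_url(eps["ARM"], incident_id))
```

Running the check once at startup, before any request is made, turns the opaque 404 from the wrong ARM host into a clear configuration error naming the offending endpoint.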

brandonconn03 commented 11 months ago

Thank you for the information @briandelmsft ! I'll take a look :) If I have any breakthroughs on the API I'll be sure to pass along.

piaudonn commented 3 months ago

@brandonconn03 were you able to give the new version of STAT a try? Like @briandelmsft mentioned, since you can customize URLs for all services, it should address your challenges.