STAT v2 Preview - Problems with the Sample-STAT-Triage Playbooks

[lorisAmbrozzo]

Describe the bug I'm testing STAT v2. So far it looks very nice. Thank you for this big update! 💯 I have discovered the following bug. I am deploying the version 2 module with a user-assigned managed identity. When I deploy the sample STAT triage playbook and run it on a playbook, I get the following error (picture 1 and picture 2) for all three modules (AAD Risks Module / Related Alerts Module / Threat Intel Module) in the playbook.

But when I create a new clean playbook and rebuild the hole sample playbook in this new playbook. The modules run without this errors (see third screenshot).

Module Name AAD Risks Module / Related Alerts Module / Threat Intel Module

To Reproduce Deploy Stat Version 2 with a user-assigned managed identity. Run the Sample Playbook on an incident.

Expected behavior Call the different modules with no errors

Screenshots Sample-STAT-Triage error: Sample-STAT-Triage error: New created playbook:

[briandelmsft]

@lorisAmbrozzo thanks for the detailed description. I will take a look into it

[briandelmsft]

Fixed in latest preview deployment update: https://github.com/briandelmsft/SentinelAutomationModules/tree/statv2_preview/Deploy