microsoft / msticpy

Microsoft Threat Intelligence Security Tools

[Bug]: Microsoft Sentinel update_incident returns error 400 #772

Closed glwallum closed 2 months ago

glwallum commented 2 months ago

Describe the bug

Using msticpy and attempting to update a Sentinel incident status returns error 400. Following example in the msticpy documents.

To Reproduce

```python
from msticpy.data.azure import AzureData, MicrosoftSentinel

azs = MicrosoftSentinel()
azs.connect(auth_methods=['cli'])
azs.update_incident(incident_id = "INCIDENTIDREDACTED",update_items = {"severity":"Low"})
```

Expected behavior

Update incident severity

Screenshots and/or Traceback

```
HTTPStatusError                           Traceback (most recent call last)
Cell In[87], line 1
----> 1 azs.update_incident(incident_id = "5f8539be-64e7-4054-8eeb-95c56f0edeaf",
      2                     update_items = {"severity":"Low"},
      3                     )

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/msticpy/context/azure/sentinel_incidents.py:261, in SentinelIncidentsMixin.update_incident(self, incident_id, update_items)
    253 response = httpx.put(
    254     incident_url,
    255     headers=get_api_headers(self._token),  # type: ignore
   (...)
    258     timeout=get_http_timeout(),
    259 )
    260 if response.status_code not in (200, 201):
--> 261     raise CloudError(response=response)
    262 print("Incident updated.")
    263 return response.json().get("name")

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/msrestazure/azure_exceptions.py:195, in CloudError.__init__(self, response, error, *args, **kwargs)
    192     self._build_error_data(response)
    194 if not self.error or not self.message:
--> 195     self._build_error_message(response)
    197 super(CloudError, self).__init__(
    198     self.message, self.error, *args, **kwargs)

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/msrestazure/azure_exceptions.py:241, in CloudError._build_error_message(self, response)
    239     message = str(content)
    240 try:
--> 241     response.raise_for_status()
    242 except RequestException as err:
    243     if not self.error:

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/httpx/_models.py:761, in Response.raise_for_status(self)
    759 error_type = error_types.get(status_class, "Invalid status code")
    760 message = message.format(self, error_type=error_type)
--> 761 raise HTTPStatusError(message, request=request, response=self)

HTTPStatusError: Client error '400 Bad Request' for url 'https://management.azure.com/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.OperationalInsights/workspaces/WORKSPACENAME/providers/Microsoft.SecurityInsights/incidents/INCIDENTID?api-version=2020-01-01'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400
```

Environment (please complete the following information):