glwallum closed this 1 month ago
Thanks for flagging this, let me explore this. It's likely a change to the Sentinel APIs that we will need to update to support.
This looks like it should work - @glwallum what sort of error do you get with this?
I've also reached out to the Sentinel engineering team to ask about this. The docs say that labels should be an array of LabelItem but don't actually give any examples of what the JSON representation of LabelItem should look like. I think the dict that @glwallum is using would also be my best guess at what it should look like, but it might be some other weird structure embedded in a string or something.
I believe this was fixed by a pull request for adding labels
Oh brilliant, thanks
Trying to add a tag to an Azure Sentinel incident. I have tried using the update_items but have not been able to
Example code in Azure Machine Learning:
    azs = MicrosoftSentinel()
    azs.connect()
    azs.update_incident(
        incident_id="INCIDENTID",
        update_items={'labels': [{'labelName': 'test', 'labelType': 'User'}]},
    )