microsoft / msticpy

Microsoft Threat Intelligence Security Tools

Azure Sentinel - add tag to incident? #773

Closed glwallum closed 1 month ago

glwallum commented 2 months ago

Trying to add a tag to an Azure Sentinel incident. I have tried using the update_items but have not been able to

Example code in Azure Machine Learning:

```python
# Requires msticpy; MicrosoftSentinel lives in msticpy.context.azure in msticpy 2.x
from msticpy.context.azure import MicrosoftSentinel

azs = MicrosoftSentinel()
azs.connect()
# Attempt to add a user label to the incident via update_items
azs.update_incident(
    incident_id="INCIDENTID",
    update_items={"labels": [{"labelName": "test", "labelType": "User"}]},
)
```

petebryan commented 1 month ago

Thanks for flagging this, let me explore this. It's likely a change to the Sentinel APIs that we will need to update to support.

petebryan commented 1 month ago

This looks like it should work - @glwallum what sort of error do you get with this?

ianhelle commented 1 month ago

I've also reached out to the Sentinel engineering team to ask about this. The docs say that labels should be an array of LabelItem but don't actually give any examples of what the JSON representation of LabelItem should look like. I think the dict that @glwallum is using would also be my best guess at what it should look like, but it might be some other weird structure embedded in a string or something.
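An added example (not msticpy's code and not from any participant in this thread) showing how an update helper would merge new user labels into an incident's existing `labels` list without dropping or duplicating the ones already on the incident; it assumes the `{'labelName': ..., 'labelType': 'User'}` item shape used in the original report, and the sample incident dict is constructed.

```python
import copy
from typing import Any, Dict, List


def merge_incident_labels(incident_props: Dict[str, Any], new_labels: List[str]) -> Dict[str, Any]:
    """Return a copy of the incident properties with new user labels appended.

    Existing labels are preserved and a label whose name already exists
    (compared case-insensitively) is not added again, so an update that
    sends the merged list back does not overwrite or duplicate tags.
    Assumes the LabelItem shape {'labelName': ..., 'labelType': 'User'}.
    """
    props = copy.deepcopy(incident_props)
    labels = list(props.get("labels") or [])
    seen = {str(lbl.get("labelName", "")).strip().lower() for lbl in labels}
    for name in new_labels:
        key = name.strip().lower()
        if not key or key in seen:
            continue  # skip blanks and labels already on the incident
        labels.append({"labelName": name.strip(), "labelType": "User"})
        seen.add(key)
    props["labels"] = labels
    return props


def build_update_items(incident_props: Dict[str, Any], new_labels: List[str]) -> Dict[str, Any]:
    """Build an update_items dict in the shape used in the issue report."""
    return {"labels": merge_incident_labels(incident_props, new_labels)["labels"]}


# Constructed sample incident properties (not real data)
SAMPLE_INCIDENT = {
    "title": "Suspicious sign-in",
    "severity": "Medium",
    "labels": [{"labelName": "phishing", "labelType": "User"}],
}

if __name__ == "__main__":
    print(build_update_items(SAMPLE_INCIDENT, ["test", "Phishing", "needs-review"]))
```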

glwallum commented 1 month ago

> This looks like it should work - @glwallum what sort of error do you get with this?

I believe this was fixed by a pull request for adding labels

https://github.com/microsoft/msticpy/pull/774

petebryan commented 1 month ago

Oh brilliant, thanks