Open sc9246 opened 1 month ago
petrhollayms
commented
1 month ago Hi @sc9246 ,
Thanks for raising this! I see the metadata is there and it shall work.
Which SDK version are you using? Can you please run the cmdlet with the -Debug parameter and share the output here? See Error handling and troubleshooting cmdlets | Microsoft Learn
Does the API call work when using Graph Explorer (if it works in your environment)?
sc9246
commented
1 month ago Hi @petrhollayms - I did more testing over the weekend to try and get things working, but still cannot. The problem seems to exist for both the SDK and the API, but they behave differently.
The SDK always errors when I provide the endUserNotificationSetting properties, when settingType = trainingSelected.
The API doesn't always error, BUT it does not properly set the endUserNotificationSetting properties
SDK versions tried: 2.15.0, 2.19.0
SDK Debug output:
DEBUG: [CmdletBeginProcessing]: - New-MgSecurityAttackSimulation begin processing with parameterSet 'Create'.Confirm Continue with this operation? [Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A DEBUG: [Authentication]: - AuthType: 'AppOnly', TokenCredentialType: 'ClientCertificate', ContextScope: 'Process', AppName: 'XXXXXXXXXX'. DEBUG: [Authentication]: - Scopes: [AttackSimulation.Read.All, AttackSimulation.ReadWrite.All].
Confirm Are you sure you want to perform this action? Performing the operation "New-MgSecurityAttackSimulation_Create" on target "Call remote 'POST /security/attackSimulation/simulations' operation". [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A DEBUG: ============================ HTTP REQUEST ============================
HTTP Method: POST
Absolute Uri: https://graph.microsoft.com/v1.0/security/attackSimulation/simulations
Headers: FeatureFlag : 00000043 Cache-Control : no-store, no-cache User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.19043; en-US),PowerShell/2024.3.2 Accept-Encoding : gzip SdkVersion : graph-powershell/2.19.0 client-request-id : abc32bbe-ece7-4314-9567-5db611d47ba3
Body: Skipped: Content body was disposed before the logger could access it.
DEBUG: ============================ HTTP RESPONSE ============================
Status Code: BadRequest
Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000 request-id : 1f27ffcc-9f2c-4c33-9762-801f0bf34f10 client-request-id : abc32bbe-ece7-4314-9567-5db611d47ba3 x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"North Central US","Slice":"E","Ring":"4","ScaleUnit":"005","RoleInstance":"CH01EPF0002EB25"}} Date : Mon, 03 Jun 2024 10:41:39 GMT
Body: { "error": { "code": "UnknownError", "message": "{\"Code\":400,\"Message\":\"Bad request\",\"Target\":null,\"Details\":[{\"Code\":400,\"Message\":\"Parameter endUserNotificationId is not valid\",\"Target\":null,\"Details\":null,\"InnerError\":null}],\"InnerError\":null}", "innerError": { "date": "2024-06-03T10:41:40", "request-id": "1f27ffcc-9f2c-4c33-9762-801f0bf34f10", "client-request-id": "abc32bbe-ece7-4314-9567-5db611d47ba3" } } }
I built the data by using a manually created attack simulation as a reference. I took the exact same data supplied to the cmdlet above, and posted it via Invoke-RestMethod, and also the Graph Explorer API. I got an Accepted 202 response (both are same). It did create the attack simulation, but it did not set any of the notification settings (it shows as do not deliver notifications in the UI portal).
- JSON data used for POST:{ "endUserNotificationSetting": { "@odata.type": "#microsoft.graph.endUserNotification", "trainingAssignment": { "deliveryFrequency": "unknown", "defaultLanguage": "en-us", "@odata.type": "#microsoft.graph.trainingReminderNotification" }, "trainingReminder": { "deliveryFrequency": "weekly", "defaultLanguage": "en-us", "endUserNotification@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/f48f4cec-5ea2-4ca6-826a-40ac1378b5fe" }, "settingtype": "trainingSelected", "positiveReinforcement": { "defaultLanguage": "en-us", "endUserNotification@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/endUserNotifications/39f2c7bb-0df5-44be-9c6b-e30403c0b845", "deliveryPreference": "deliverImmedietly", "@odata.type": "#microsoft.graph.positiveReinforcementNotification" }, "notificationPreference": "microsoft" }, "loginPage@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/loginPages/b2b7c6de-e151-4687-b8a0-d5bc5ce03c1e", "AttackTechnique": "credentialHarvesting", "AttackType": "social", "payload@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/payloads/7101e020-0f5f-4e92-912d-43cd1f172716", "createdBy": { "email": "phishautomation@benco.com" }, "DisplayName": "AUTOMATION TESTING - June 2024 692", "TrainingSetting": { "settingType": "microsoftManaged", "trainingCompletionDuration": "fortnite", "@odata.type": "#microsoft.graph.trainingSetting" }, "landingPage@odata.bind": "https://graph.microsoft.com/v1.0/security/attacksimulation/landingPages/1cdfcb49-1065-46a6-b1c3-672071e20a6b", "Description": "AUTOMATION TESTING - June 2024 692", "status": "draft", "payloadDeliveryPlatform": "email", "includedAccountTarget": { "accountTargetEmails": [ "sc9246@benco.com" ], "type": "addressBook", "@odata.type": "#microsoft.graph.addressBookAccountTargetContent" }, "DurationInDays": 2, "launchDateTime": "2024-06-03T06:40:07Z" }
- Simulation creates OK, all other settings are OK, but endUserNotificationSetting doesn't get set. Here is a GET of the property, for the newly created campaign. It ignored/reset endUserNotificationSetting:PS C:> $Method
GET
PS C:> $uri
https://graph.microsoft.com/v1.0/security/attacksimulation/simulations/fb299b82-1865-5db8-b22c-7a2908f1bd33/endUserNotificationSetting
PS C:> $graphResponse | fl
@odata.context : https://graph.microsoft.com/v1.0/$metadata#security/attackSimulation/simulations('fb299b82-1865-5db8-b22c-7a2908f1bd33')/endUserNotificationSetting settingType : noNotification positiveReinforcement : notificationPreference : unknown
I could just be supplying the property incorrectly, but I've tried so many variations of what/how is included, and cannot get it to apply the settings. I've even tried leaving them unknown, and then PATCH'ing the enduserNotificationSetting, but it doesn't seem to be supported as an update parameter (no error but nothing changes).
akgraph
commented
4 hours ago Hi,
I attempted to repro this error using the commandlet & graph explorer but was unsuccessful.
Attached JSON post data and the powershell script used for verifying.
astgraph.txt graphexplorer.json
Few observations based on the JSON post data shared in previous comment:
Describe the bug
Trying to create a new attack simulation with New-MgSecurityAttackSimulation, but once I introduce settings for endUserNotificationSetting, the cmdlet always errors with:
Status: 400 (BadRequest) ErrorCode: UnknownError`
If I set endUserNotificationSetting -> settingType = unknown, it ignores that property and everything under it, and the simulation creates OK. The issue seems to be no matter how I try to include notification settings, creation via Graph results in an error. Even using the documented creation from the MS KB does not work:
Expected behavior
Expect to be able to provide notification options to API/cmdlet, and have them work.
How to reproduce
Purged tenant data, apologies if I messed up formatting, but this should be a mostly complete example that will not work as is (unless changing endUserNotificationSetting = @{ settingtype = "unknown"}
SDK Version
No response
Latest version known to work for scenario above?
No response
Known Workarounds
Per above, tweaking this will make it work, but it ignores all notification options.
Debug output
Click to expand log
```Configuration
No response
Other information
No response