Open nconder opened 4 years ago
@nconder I was able to get it to work for a little bit by using sed to swap out all the API endpoints to the gov equivalent, but then my token would not refresh; not sure why. On another note, is it possible to limit the requests (via a filter?) brought back when using Get-AzSentinelIncident?
I forked the project and added an ‘Environment’ parameter, supporting logic, and associated comment-based help: https://github.com/john-crouch/AZSentinel/tree/AzEnvironment
For any of the module's cmdlets, just include -Environment AzureUsGovernment
I'm happy to submit a PR if this is an acceptable solution. @NVolcz @maartengoet @bgelens
Not sure why I was mentioned in this issue :-).
I uninstalled the release and tried your fork and I'm still getting 404s. Looks like the domain is still pointing to the Azure public API "https://management.azure.com"
```
Get-AzSentinelAlertRule -SubscriptionId xxxxxxx-xxxx-xxxxx-xxxxx-xxxxxxxxx -WorkspaceName myworkspace -Verbose
VERBOSE: Getting Worspace from Subscription xxxxxxx-xxxx-xxxxx-xxxxx-xxxxxxxxx
VERBOSE: GET https://management.azure.com/subscriptions/xxxxxxx-xxxx-xxxxx-xxxxx-xxxxxxxxx/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview with 0-byte payload
VERBOSE: received 129-byte response of content type application/json
Get-AzSentinelAlertRule: Response status code does not indicate success: 404 (Not Found).
```
usgovvirginia usgovvirginia usgovvirginia usgovvirginia
@john-crouch, we identified and resolved the problems causing us to continue to point to Azure Public instead of the GOV domains. While not extensively tested we've validated Get-AzSentinelAlertRule and Get-AzSentinelHuntingRule work as expected but that Export-AzSentinel does not appear to be 'Environment' aware as it throws a "Export-AzSentinel: A parameter cannot be found that matches parameter name 'Environment'." message when the parameter is added. Thanks for your help and quick turnaround!
@nconder thanks for the feedback! I've fixed the issue you identified and successfully tested Export-AzSentinel against an Azure gov subscription.
Hi @john-crouch, have you created a pull request yet? If not, did you need any help to validate?
Hi! I need to use AZSentinel with an Azure GOV environment too and am interested in this functionality being rolled up into the release version also.
Is Azure Government supported? I am 100% confident that the subscription and workspace exist.
```
Get-AzSentinelAlertRule -WorkspaceName "XXXXX" -Verbose
VERBOSE: Getting Worspace from Subscription XXXXXX-XXXXXXX-XXXXXX
VERBOSE: GET https://management.azure.com/subscriptions/XXXXXX-XXXXXXX-XXXXXX/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview with 0-byte payload
VERBOSE: received 129-byte response of content type application/json
Invoke-WebRequest: C:\Users\XXXXXX\Documents\PowerShell\Modules\AzSentinel\0.6.5\AzSentinel.psm1:503
Line |
 503 |  … orkspaces = Invoke-webrequest -Uri $uri -Method get -Headers $script: …
     |  ~~~~~~~~~~~~~
     | {"error":{"code":"SubscriptionNotFound","message":"The subscription 'XXXXXX-XXXXXXX-XXXXXX' could not be found."}}
ConvertFrom-Json: C:\Users\XXXXXX\Documents\PowerShell\Modules\AzSentinel\0.6.5\AzSentinel.psm1:504
Line |
 504 |  … $workspaceObject = ($workspaces.Content | ConvertFrom-Json).value …
     |  ~~~~
     | Cannot bind argument to parameter 'InputObject' because it is null.
Write-Error: C:\Users\XXXXXX\Documents\PowerShell\Modules\AzSentinel\0.6.5\AzSentinel.psm1:2446
Line |
2446 |  Get-LogAnalyticWorkspace @arguments
     |  ~~~~~~~
     | Unable to find workspace XXXXXXXX under Subscription Id: XXXXXX-XXXXXXX-XXXXXX
```
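
The verbose output in this thread shows the workspace lookup going to `management.azure.com` even for a Government subscription. The following is an added example, not code from AzSentinel or from the fork: it builds that same request URI from a named environment and checks whether a URI's host matches the intended cloud. The function names and the placeholder subscription ID are hypothetical.

```powershell
# Added example; function names are hypothetical and not part of AzSentinel.

# Azure Resource Manager endpoints per cloud. With Az.Accounts installed,
# (Get-AzEnvironment -Name <name>).ResourceManagerUrl reports the same endpoints.
$script:ArmEndpoints = @{
    AzureCloud        = 'https://management.azure.com'
    AzureUSGovernment = 'https://management.usgovcloudapi.net'
    AzureChinaCloud   = 'https://management.chinacloudapi.cn'
}

function Get-ArmBaseUri {
    param([Parameter(Mandatory)][string]$Environment)
    # Hashtable literals are case-insensitive, so 'AzureUsGovernment' also resolves.
    if (-not $script:ArmEndpoints.ContainsKey($Environment)) {
        throw "Unknown environment '$Environment'. Known: $($script:ArmEndpoints.Keys -join ', ')"
    }
    $script:ArmEndpoints[$Environment]
}

function New-WorkspaceListUri {
    param(
        [Parameter(Mandatory)][string]$SubscriptionId,
        [string]$Environment = 'AzureCloud'
    )
    $base = Get-ArmBaseUri -Environment $Environment
    # Same path and api-version as the GET request in the verbose output above.
    "$base/subscriptions/$SubscriptionId/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview"
}

function Test-ArmUriMatchesEnvironment {
    param(
        [Parameter(Mandatory)][uri]$Uri,
        [Parameter(Mandatory)][string]$Environment
    )
    # Compare hosts only; a mismatch means the call targets the wrong cloud.
    $expected = [uri](Get-ArmBaseUri -Environment $Environment)
    $Uri.Host -eq $expected.Host
}

# Constructed placeholder subscription ID.
$sub = '00000000-0000-0000-0000-000000000000'
$govUri = New-WorkspaceListUri -SubscriptionId $sub -Environment AzureUSGovernment
$govUri

# A hard-coded public endpoint checked against the Government environment, then the generated URI.
Test-ArmUriMatchesEnvironment -Uri "https://management.azure.com/subscriptions/$sub" -Environment AzureUSGovernment
Test-ArmUriMatchesEnvironment -Uri $govUri -Environment AzureUSGovernment
```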