GH Issue
https://github.com/Azure/Azure-Sentinel/issues/8883
Issue at hand
As currently it is impossible to get UEBA enabled with bicep in a reliable way due to:
https://github.com/Azure/bicep/issues/10850
I opted for enabling it using az cli. Using az cli succeeds in both creating and updating the setting (after having parsed the etag if it is created)
However the data refuses to flow in. My suspicion is that because not all 4/4 data sources are available but it succeeeds. I was asked to raise a support case but because I don't have paid support I'm raising it here.
resource id:
/subscriptions/6b0e8ce2-30d3-4e81-a0a6-b8c50b4fb91f/resourceGroups/rg-dev-dev-sentinel/providers/Microsoft.OperationalInsights/workspaces/laswosocpmfersj6tpwe
UEBA enabled:
No data in la workspace (no BehaviorAnalytics table):
The LA had been deployed for quite some time now, so I don't believe that would be the '''15 minute period''' before it flows in here.