Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,021 questions
Sentinel - Sophos Endpoint Protection (using REST API) (Preview) - Fails due to trying to create a table with a hyphen!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 6%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
James Grant
0
Reputation points
When trying to configure and deploy the new Sophos API connector for Sentinel it fails. Looks like it's trying to create a new table called Custom-SophosEPAlerts_CL but tables cannot contain hyphens so needs changing to CustomSophosEPAlerts_CL instead.
Failed to create required resources for data connector InvalidPayload:Data collection rule is invalid, [{"code":"InvalidOutputTable","message":"Table for output stream 'Custom-SophosEPAlerts_CL' is not available for destination 'clv2ws1'.","target":"properties.dataFlows[0]"},{"code":"InvalidOutputTable","message":"Table for output stream 'Custom-SophosEPEvents_CL' is not available for destination 'clv2ws1'.","target":"properties.dataFlows[1]"}]
Please FIX
Thanks!
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 57.99999999999999%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Pallavi Kakde 0 Reputation points2024-05-22T09:40:01.7866667+00:00 To fix this issue, follow these steps:
Identify the Data Connector Configuration: First, locate the configuration settings for the Sophos API connector in Sentinel. This typically involves navigating to the data connectors section in Azure Sentinel.
Modify the Output Table Name: Within the configuration settings for the Sophos API connector, find the section where you specify the output table name. Change the table name from "Custom-SophosEPAlerts_CL" to "CustomSophosEPAlerts_CL" (remove the hyphen).
Save Changes and Retry: After making the necessary modification to the output table name, save the changes to the data connector configuration.
Deploy or Update the Connector: If the connector was already deployed, you may need to redeploy or update it to apply the changes. Follow the deployment process for the data connector in Azure Sentinel.
Verify Successful Deployment: Once the connector is deployed or updated, verify that it's successfully creating the required resources, including the table "CustomSophosEPAlerts_CL".
-
James Grant 0 Reputation points
2024-05-22T09:53:01.4533333+00:00 Hi. Thanks for your reply.
Unfortunately this is a Microsoft Provided connector so not sure how I can modify the table name. They only provide fields for tenant ID, Data Region, Client ID, Client Secret in the configuration.
James
-
Andrew Blumhardt 9,676 Reputation points Microsoft Employee2024-05-28T12:43:58.3066667+00:00 Confirmed. I am seeing the same issue. I will contact the solution owner for assistance. Will post when there is an update.
Sign in to comment