Sentinel Automation triggers with playbooks are buggy

Jeff A 1 Reputation point
2021-07-21T14:41:32.783+00:00

Hi,

I struggled for days with this i18n issue. Can someone confirm whether this is a bug or whether I did something wrong? How do I declare a bug?

I created two Logic Apps in the same RG.

The 1st Logic App is seen by Sentinel as "Sentinel action" in playbooks but can't be mapped in an Automation rule action.

"triggers": {
    "Quand_la_règle_de_création_de_l’incident_Azure_Sentinel_a_été_créée": {
        "inputs": {
            "body": {
                "callback_url": "@{listCallbackUrl()}"
            },
            "host": {
                "connection": {
                    "name": "@parameters('$connections')['azuresentinel']['connectionId']"
                }
            },
            "path": "/incident-creation"
        },
        "type": "ApiConnectionWebhook"
    }
}

The second one is perfectly seen in Automation:

"triggers": {
    "When_Azure_Sentinel_incident_creation_rule_was_triggered": {
        "inputs": {
            "body": {
                "callback_url": "@{listCallbackUrl()}"
            },
            "host": {
                "connection": {
                    "name": "@parameters('$connections')['azuresentinel']['connectionId']"
                }
            },
            "path": "/incident-creation"
        },
        "type": "ApiConnectionWebhook"
    }
}

It looks to me like Sentinel's detection of the trigger heavily depends on the name instead of a static value. But the i18n depends on what the languages are at block creation.

Can anyone confirm?

Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.

Microsoft Security | Microsoft Sentinel
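
A way to compare the two definitions above by their static trigger fields (type, path, connection) instead of by trigger name. This is an added example, not part of the original post and not Microsoft's code; the function names and the sample definitions built around the posted trigger blocks are constructed here, and it says nothing about how Sentinel itself detects the trigger.

```python
import json

# Trigger names copied from the post; everything else here is constructed.
FR_NAME = "Quand_la_règle_de_création_de_l’incident_Azure_Sentinel_a_été_créée"
EN_NAME = "When_Azure_Sentinel_incident_creation_rule_was_triggered"

def sample_definition(trigger_name):
    """Constructed sample: the trigger block from the post under the given name."""
    conn = "@parameters('$connections')['azuresentinel']['connectionId']"
    return json.dumps({"triggers": {trigger_name: {
        "inputs": {
            "body": {"callback_url": "@{listCallbackUrl()}"},
            "host": {"connection": {"name": conn}},
            "path": "/incident-creation",
        },
        "type": "ApiConnectionWebhook",
    }}}, ensure_ascii=False)

def incident_triggers(definition_json):
    """Names of triggers that match on type, path and connection, ignoring the name."""
    found = []
    for name, body in json.loads(definition_json).get("triggers", {}).items():
        inputs = body.get("inputs", {})
        conn = inputs.get("host", {}).get("connection", {}).get("name", "")
        if (body.get("type") == "ApiConnectionWebhook"
                and inputs.get("path") == "/incident-creation"
                and "azuresentinel" in conn):
            found.append(name)
    return found

def bodies_without_names(definition_json):
    """Canonical trigger bodies with the names dropped, for diffing two playbooks."""
    triggers = json.loads(definition_json).get("triggers", {})
    return sorted(json.dumps(b, sort_keys=True) for b in triggers.values())

def audit(playbooks):
    """Per playbook: each incident trigger name and whether it is the English name."""
    return {pb: [(n, n == EN_NAME) for n in incident_triggers(d)]
            for pb, d in playbooks.items()}

if __name__ == "__main__":
    books = {"playbook-fr": sample_definition(FR_NAME),
             "playbook-en": sample_definition(EN_NAME)}
    print(audit(books))
    print(bodies_without_names(books["playbook-fr"])
          == bodies_without_names(books["playbook-en"]))
```

Run against exported workflow definitions, this lists the playbooks whose incident trigger carries a localized name, which is the only difference between the two blocks in the post.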