Sentinel Automation triggers with playbooks are buggy

Jeff A 1 Reputation point
2021-07-21T14:41:32.783+00:00

Hi,

I struggled for days about this i18n issue. Can someone confirm that this is a bug or if I made something wrong whatsoever? How to declare a bug?

I created in the same RG two Logic Apps.

1st logic apps is seen by Sentinel as "Sentinel action" in playbooks but can't be mapped in Automation rule action.

"triggers": {
    "Quand_la_règle_de_création_de_l’incident_Azure_Sentinel_a_été_créée": {
        "inputs": {
            "body": {
                "callback_url": "@{listCallbackUrl()}"
            },
            "host": {
                "connection": {
                    "name": "@parameters('$connections')['azuresentinel']['connectionId']"
                }
            },
            "path": "/incident-creation"
        },
        "type": "ApiConnectionWebhook"
    }
}

Second one is perfectly seen in Automation:

   "triggers": {
        "When_Azure_Sentinel_incident_creation_rule_was_triggered": {
            "inputs": {
                "body": {
                    "callback_url": "@{listCallbackUrl()}"
                },
                "host": {
                    "connection": {
                        "name": "@parameters('$connections')['azuresentinel']['connectionId']"
                    }
                },
                "path": "/incident-creation"
            },
            "type": "ApiConnectionWebhook"
        }
    }

It looks to me that Sentinel detection of trigger heavily depends on the name instead of static value. But I18n depends on what are languages in block creation.

Can anyone confirm?

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,141 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,141 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.