Sentinel Automation triggers with playbooks are buggy
Jeff A
1
Reputation point
Hi,
I struggled for days about this i18n issue. Can someone confirm that this is a bug or if I made something wrong whatsoever? How to declare a bug?
I created in the same RG two Logic Apps.
1st logic apps is seen by Sentinel as "Sentinel action" in playbooks but can't be mapped in Automation rule action.
"triggers": {
"Quand_la_règle_de_création_de_l’incident_Azure_Sentinel_a_été_créée": {
"inputs": {
"body": {
"callback_url": "@{listCallbackUrl()}"
},
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"path": "/incident-creation"
},
"type": "ApiConnectionWebhook"
}
}
Second one is perfectly seen in Automation:
"triggers": {
"When_Azure_Sentinel_incident_creation_rule_was_triggered": {
"inputs": {
"body": {
"callback_url": "@{listCallbackUrl()}"
},
"host": {
"connection": {
"name": "@parameters('$connections')['azuresentinel']['connectionId']"
}
},
"path": "/incident-creation"
},
"type": "ApiConnectionWebhook"
}
}
It looks to me that Sentinel detection of trigger heavily depends on the name instead of static value. But I18n depends on what are languages in block creation.
Can anyone confirm?
Sign in to answer