Is there a table to know what data type a Logic app dynamic content is for Sentinel?

Kentucky Mike 21 Reputation points
2022-06-04T19:16:26.177+00:00

I am working on connecting my Sentinel solution to SNOW. I'm running into an issue whenever I select a value that has an Array. Once the For each control kicks in, the Logic App fails after adding a Second Array.

Example:
Added Sentinel (Incident/Alert) Trigger
Created an Initialize Priority Variable
Created the switching to accommodate
Added the SNOW connector
Connected and selected the appropriate EVT table
Start adding Sentinel fields:
1 - Incident Tactics (No For each auto added)
2 - Incident Updates Alert (For each is auto added)
Run the Playbook and everything works, information is sent to SNOW
3 - Incident Comment Properties (a second For each is auto added)
Run the Playbook and it fails due to Null value being passed to Incident Comment Properties

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
606 questions
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
1,821 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kentucky Mike 21 Reputation points
    2022-06-10T14:37:19.467+00:00

    My apologies, I forgot to close this out. I found the issue and a solution.
    For my original issue, the solution turned out to be a consecutive running problem that would cause the second For_Each to run at the same time so a race condition caused a failure. Setting the For_Each Consecutive setting

    210324-image.png