question

KentuckyMike-3553 avatar image
0 Votes"
KentuckyMike-3553 asked MayankBargali-MSFT commented

Is there a table to know what data type a Logic app dynamic content is for Sentinel?

I am working on connecting my Sentinel solution to SNOW. I'm running into an issue whenever I select a value that has an Array. Once the For each control kicks in, the Logic App fails after adding a Second Array.

Example:
Added Sentinel (Incident/Alert) Trigger
Created an Initialize Priority Variable
Created the switching to accommodate
Added the SNOW connector
Connected and selected the appropriate EVT table
Start adding Sentinel fields:
1 - Incident Tactics (No For each auto added)
2 - Incident Updates Alert (For each is auto added)
Run the Playbook and everything works, information is sent to SNOW
3 - Incident Comment Properties (a second For each is auto added)
Run the Playbook and it fails due to Null value being passed to Incident Comment Properties

azure-logic-appsmicrosoft-sentinel
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I have run into something similar where, even though the Logic App creates the variable, it does not actually have any data in it. You may need to see about parsing the JSON to get the comments yourself.

0 Votes 0 ·

@KentuckyMike-3553 Can you share your workflow screenshot along with code view. You can refer to individual connector document to know what the return type of individual triggers/actions.

0 Votes 0 ·

1 Answer

KentuckyMike-3553 avatar image
0 Votes"
KentuckyMike-3553 answered MayankBargali-MSFT commented

My apologies, I forgot to close this out. I found the issue and a solution.
For my original issue, the solution turned out to be a consecutive running problem that would cause the second For_Each to run at the same time so a race condition caused a failure. Setting the For_Each Consecutive setting


210324-image.png



image.png (26.8 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KentuckyMike-3553 Thanks for your response. Glad to know that you were able to find the root cause of the issue. Feel free to reach out to us in Microsoft Q&A if you need any assistance in future.

0 Votes 0 ·