OTRF / Microsoft-Sentinel2Go

Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.

Validation error with Azure Sentinel + Win10 + Domain Controller Template

WayneJLee opened this issue · comments

Hey there,

First off, just wanna say I really appreciate your work Roberto and am looking forward to part 2 of your Sentinel2Go post.

The current deployment template for Azure Sentinel + Win10 + Domain Controller fails validation due to the fact that the enableWinEventProviders parameter doesn't exist in the deployAzureSentinel2Go template.

Changing enableWinEventProviders to collectWinEventProviders solves the issue.

{
  "deploymentStatusCode": -1,
  "stage": 6,
  "expected": true,
  "error": {
    "message": "Deployment template validation failed: 'The template parameters 'enableWinEventProviders' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'utcValue, workspaceName, pricingTier, dataRetention, immediatePurgeDataOn30Days, enableAdditionalLASolutions, enableDataConnectorsKind, enableLAFunctions, setSecurityCollectionTier, collectWinEventProviders, collectSyslogFacilities, postAnalyticRules, userAssignedIdentityName, _artifactsLocation, _artifactsLocationSasToken, location'. Please see https://aka.ms/arm-deploy/#parameter-file for usage details.'."
  },
  "subscriptionId": "115ffef8-43d8-4b25-a900-XXXXXXXXX",
  "resourceGroupName": "VA-Lab",
  "resourceGroupLocation": "southeastasia",
  "deploymentName": "Microsoft.Template-20200917211020",
  "details": {
    "code": "InvalidTemplate",
    "message": "Deployment template validation failed: 'The template parameters 'enableWinEventProviders' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'utcValue, workspaceName, pricingTier, dataRetention, immediatePurgeDataOn30Days, enableAdditionalLASolutions, enableDataConnectorsKind, enableLAFunctions, setSecurityCollectionTier, collectWinEventProviders, collectSyslogFacilities, postAnalyticRules, userAssignedIdentityName, _artifactsLocation, _artifactsLocationSasToken, location'. Please see https://aka.ms/arm-deploy/#parameter-file for usage details.'.",
    "additionalInfo": [
      {
        "type": "TemplateViolation",
        "info": {
          "lineNumber": 0,
          "linePosition": 0,
          "path": ""
        }
      }
    ]
  }
}

Ahhhhh thank you very much @WayneJLee. I was doing some changes to it and forgot to update that part. Changing it right now. I appreciate it.

That should work now. Thank you @WayneJLee
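
A pre-deployment check for the mismatch reported in this issue, as an added example that is not part of the thread or the project's code: it compares the parameters a parent template passes to a nested deployment against the names the linked template declares, and suggests the closest declared name. The parent template structure, the deployment name `deploySentinel`, the URI and the parameter values are constructed assumptions; the supported parameter list is copied from the error message above.

```python
import difflib

# Parameter names accepted by the linked template, copied from the error message above.
SUPPORTED = [
    "utcValue", "workspaceName", "pricingTier", "dataRetention",
    "immediatePurgeDataOn30Days", "enableAdditionalLASolutions",
    "enableDataConnectorsKind", "enableLAFunctions", "setSecurityCollectionTier",
    "collectWinEventProviders", "collectSyslogFacilities", "postAnalyticRules",
    "userAssignedIdentityName", "_artifactsLocation", "_artifactsLocationSasToken",
    "location",
]
LINKED = {"parameters": {name: {} for name in SUPPORTED}}

# Constructed sample (assumed structure): a parent template that passes parameters
# to the linked template through a nested Microsoft.Resources/deployments resource.
PARENT = {
    "resources": [{
        "type": "Microsoft.Resources/deployments",
        "name": "deploySentinel",  # hypothetical deployment name
        "properties": {
            "mode": "Incremental",
            "templateLink": {"uri": "https://example.invalid/linked-template.json"},
            "parameters": {
                "workspaceName": {"value": "lab-workspace"},
                "enableWinEventProviders": {"value": ["Microsoft-Windows-Sysmon/Operational"]},
            },
        },
    }]
}

def unknown_nested_parameters(parent, linked_template):
    """Return (deployment, passed_name, closest_declared_name) for every parameter
    passed to a nested deployment that the linked template does not declare."""
    declared = list(linked_template.get("parameters", {}))
    findings = []
    for res in parent.get("resources", []):
        if res.get("type", "").lower() != "microsoft.resources/deployments":
            continue
        for name in res.get("properties", {}).get("parameters", {}):
            if name not in declared:
                close = difflib.get_close_matches(name, declared, n=1)
                findings.append((res.get("name"), name, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for dep, bad, hint in unknown_nested_parameters(PARENT, LINKED):
        print(f"{dep}: '{bad}' is not declared by the linked template; did you mean '{hint}'?")
```

Run against the real parent and linked template JSON files (loaded with `json.load`), the same function flags this class of rename before the deployment is submitted.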