microsoft / msticpy

Microsoft Threat Intelligence Security Tools

[Bug]: Microsoft Sentinel update_incident returns error 400

glwallum opened this issue · comments

Describe the bug
Using msticpy and attempting to update a Sentinel incident status returns error 400. Following the example in the msticpy documents.

To Reproduce
from msticpy.data.azure import AzureData, MicrosoftSentinel
azs = MicrosoftSentinel()
azs.connect(auth_methods=['cli'])
azs.update_incident(incident_id = "INCIDENTIDREDACTED",update_items = {"severity":"Low"})

Expected behavior
Update incident severity

Screenshots and/or Traceback

HTTPStatusError Traceback (most recent call last)
Cell In[87], line 1
----> 1 azs.update_incident(incident_id = "5f8539be-64e7-4054-8eeb-95c56f0edeaf",
2 update_items = {"severity":"Low"},
3 )

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/msticpy/context/azure/sentinel_incidents.py:261, in SentinelIncidentsMixin.update_incident(self, incident_id, update_items)
253 response = httpx.put(
254 incident_url,
255 headers=get_api_headers(self._token), # type: ignore
(...)
258 timeout=get_http_timeout(),
259 )
260 if response.status_code not in (200, 201):
--> 261 raise CloudError(response=response)
262 print("Incident updated.")
263 return response.json().get("name")

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/msrestazure/azure_exceptions.py:195, in CloudError.__init__(self, response, error, *args, **kwargs)
192 self._build_error_data(response)
194 if not self.error or not self.message:
--> 195 self._build_error_message(response)
197 super(CloudError, self).__init__(
198 self.message, self.error, *args, **kwargs)

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/msrestazure/azure_exceptions.py:241, in CloudError._build_error_message(self, response)
239 message = str(content)
240 try:
--> 241 response.raise_for_status()
242 except RequestException as err:
243 if not self.error:

File /anaconda/envs/azureml_py310_sdkv2/lib/python3.10/site-packages/httpx/_models.py:761, in Response.raise_for_status(self)
759 error_type = error_types.get(status_class, "Invalid status code")
760 message = message.format(self, error_type=error_type)
--> 761 raise HTTPStatusError(message, request=request, response=self)

HTTPStatusError: Client error '400 Bad Request' for url 'https://management.azure.com/subscriptions/SUBSCRIPTIONID/resourceGroups/RESOURCEGROUP/providers/Microsoft.OperationalInsights/workspaces/WORKSPACENAME/providers/Microsoft.SecurityInsights/incidents/INCIDENTID?api-version=2020-01-01'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/400

Environment (please complete the following information):

  • Python Version: 3.10
  • Python environment: Cloud Azure ML
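
The traceback above ends in httpx's HTTPStatusError, which carries the response, so the body returned with the 400 can still be read from the exception. The following is an added example, not part of the original issue or of msticpy: it extracts the status, the ARM error code and message, and the request id from such an exception. The stub classes, `arm_error_details` and the sample body are constructed assumptions; in real use the exception would be the one raised by `azs.update_incident`.

```python
import json


class StubResponse:
    """Constructed stand-in for httpx.Response so the example runs offline."""

    def __init__(self, status_code, text, headers=None):
        self.status_code = status_code
        self.text = text
        self.headers = headers or {}


class StubHTTPStatusError(Exception):
    """Constructed stand-in for httpx.HTTPStatusError, which exposes .response."""

    def __init__(self, message, response):
        super().__init__(message)
        self.response = response


def arm_error_details(exc):
    """Return status, error code, message and request id from an HTTP error."""
    response = getattr(exc, "response", None)
    if response is None:
        # Not an HTTP status error: only the exception text is available.
        return {"status": None, "code": None, "message": str(exc), "request_id": None}
    code, message = None, response.text
    try:
        # Azure Resource Manager wraps errors as {"error": {"code", "message"}}.
        error = json.loads(response.text).get("error")
        if isinstance(error, dict):
            code = error.get("code")
            message = error.get("message", message)
    except (ValueError, AttributeError):
        pass  # Body is not a JSON object; keep the raw text as the message.
    return {
        "status": response.status_code,
        "code": code,
        "message": message,
        "request_id": response.headers.get("x-ms-request-id"),
    }


def demo():
    """Run the helper on a constructed 400 response (not the real service reply)."""
    body = '{"error": {"code": "BadRequest", "message": "constructed sample message"}}'
    resp = StubResponse(400, body, {"x-ms-request-id": "constructed-request-id"})
    return arm_error_details(StubHTTPStatusError("Client error '400 Bad Request'", resp))
```

With the real client, wrap the `update_incident` call in `try`/`except httpx.HTTPStatusError as err` and pass `err` to the helper; the request id is the value to quote when reporting the failure.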