Special thanks to Yaniv Shasha and Ofer Shezaf for collaborating with me on this blog post, and thanks to Clive Watson and Kieran Bhardwaj for their support.
Introduction
During recent Azure ...
Hi yokhaldi, good day. First, I would like to thank you for posting this solution, as it's really helpful. I have recently implemented this in our Tenant Sandbox.
I've come across the below issues:
#1
When I run this Logic App, I can see the Tenable asset logs are being ingested into the Sentinel LAW, and the total number of assets matches between what we are sending via the Parse JSON output and the data we are receiving on the LAW. It's just the end "For each" having a problem with a 429 - "Too many requests" error.
Under For each -- For each 2 -- ActionFailed. An action failed. No dependent actions succeeded.
It would be great if you could please advise how we can fix it. We tried connector throttling (https://docs.microsoft.com/en-us/azure/logic-apps/handle-throttling-problems-429-errors#connector-throttling) but it didn't work.
#2 The actual data from Tenable.io, i.e. the sample raw output, has key information on CVSS and VPR. This is showing in the screenshots of your workbooks. How can we get this information included in this Logic App? E.g. "vpr_score": 4.4, "accepted_count": 0, "recasted_count": 0, "counts_by_severity": [ { "count": 3, "value": 2 } ], "cvss_base_score": 5, "cvss3_base_score": 7.5, "severity": 2
#3 It would be great if we could get a template of the Workbook, or if you could share the analytic rule for "Summary chart tracking unmitigated vulnerabilities of low, medium, high, and critical severity".