leoszalkowski
Brass Contributor
Dec 30, 2019
Solved

Sentinel Playbook Issue

I have a set of playbooks to run automatically when an incident is created from an alert. So far it's been working well without issues, until today.

The playbook hasn't been running for the alerts every time. It will run for a handful, but won't run for most. Inside the logic app page for the playbook, there are no errors that appear on attempted runs for the alert.

  • leoszalkowski
    Brass Contributor

    leoszalkowski I discovered today that our subscription was impacted by a Log Analytics disruption yesterday between 00:28 and 04:04 UTC. That is around the time the playbooks have stopped working, and are still being impacted.

    • leoszalkowski
      Brass Contributor
      It was not resolved Rod_Trent.

      The issue was narrowed down to the playbook running in one of the tenants my company is managing. The playbook is getting a 404: not found error when it's run.

      Not sure if some permissions were changed in the tenant or if it could be a separate issue.
      • Rod_Trent
        Microsoft

        leoszalkowski

        So, just one tenant has the issue? Where was the original Playbook created? Does this tenant reside in a different datacenter/region?

        Does the Playbook work if run manually?
