Jan 27 2021 01:37 AM
Hi,
We are trying to get Azure Sentinel logs into our on-prem QRadar SIEM.
We are following the Event Hub approach to achieve it, but we are facing an issue with how to forward Azure Sentinel alerts into the Event Hub. For this we followed the Logic App and the GitHub code, but the code is showing errors.
Jan 27 2021 04:58 AM
@daniyal2021 If I understand what is happening correctly, you either deployed the code to your environment using the "Deploy to Azure" button (which I just tested and worked fine) or you copied and pasted the code into a new playbook (in which case there are probably changes that need to be made in the code). Is that correct?
Jan 27 2021 05:05 AM
@Gary Bushey Yes, you are right. Basically I don't know how to utilize the "Deploy to Azure" option; that is why I went with the copy-paste option.
Jan 27 2021 08:22 AM
@daniyal2021 Clicking the "Deploy to Azure" button takes you to the Azure console deployment screen. It's a better method to ensure there are no missing characters or formatting errors in the code (which sounds like it might be your issue).
Jan 27 2021 09:29 AM
Jan 27 2021 10:09 AM
@daniyal2021 It looks like the content field wants to use the "ExtendedProperties" property that comes from the "When a response to an Azure Sentinel alert is triggered" trigger, but it didn't come through correctly. Clear that field and then you can select the correct value in the Dynamic content listing.
Jan 28 2021 12:39 AM
Jan 28 2021 04:29 AM
@daniyal2021 Not sure what that error means. I was able to install it on 2 different Azure Sentinel instances yesterday without any problems.