This is autogenerated. Please review and update as needed.
Describe the bug
The 'entity-mappings' parameter of the 'az sentinel alert-rule create' command doesn't seem to be functioning as expected.
I am able to create an analytic rule without passing this parameter. However, I get an error when passing the entity-mappings parameter.
Command Name
az sentinel alert-rule create -g <resource-group> -w <workspace-name> -n 0080 --scheduled...
Errors:
See screenshot:
To Reproduce:
Steps to reproduce the behavior.
- Run the following azure CLI command:
az sentinel alert-rule create -g <resource-group> -w <workspace-name> -n 100 --scheduled "{alert-rule-template-name:18e6a87e-9d06-4a4e-8b59-3469cd49552e,description:test,display-name:test,enabled:true,query:Heartbeat,query-frequency:P1D,query-period:P1D,severity:High,suppression-duration:P1D,suppression-enabled:false,tactics:[Collection],techniques:[T1005],template-version:1.1.2,trigger-operator:GreaterThan,trigger-threshold:0,entity-mappings:[{entity-type:Host,field-mappings:[{column-name:Computer,identifier:FullName}]}]}"- The result of this command is unsuccessful- when passing the entity mappings parameter
Expected Behavior
The following command (identical to the above cmd- minus the passing of the entity-mapping parameter) works fine:
az sentinel alert-rule create -g <resource-group> -w <workspace-name> -n 001 --scheduled "{alert-rule-template-name:18e6a87e-9d06-4a4e-8b59-3469cd49552d,description:test,display-name:test-rule,enabled:true,query:Heartbeat,query-frequency:P1D,query-period:P1D,severity:High,suppression-duration:P1D,suppression-enabled:false,tactics:[Collection],techniques:[T1005],template-version:1.1.2,trigger-operator:GreaterThan,trigger-threshold:0}"
See successful output below:
Environment Summary
Linux-5.4.0-1104-azure-x86_64-with-glibc2.35 (Cloud Shell), CBL-Mariner/Linux
Python 3.9.14
Installer: RPM
azure-cli 2.45.0
Extensions:
sentinel 0.2.0
ai-examples 0.2.5
ml 2.13.0
ssh 1.1.3
Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1
Additional Context
This is autogenerated. Please review and update as needed.
Describe the bug
The 'entity-mappings' parameter of the 'az sentinel alert-rule create' command doesn't seem to be functioning as expected.
I am able to create an analytic rule without passing this parameter. However, I get an error when passing the entity-mappings parameter.
Command Name
az sentinel alert-rule create -g <resource-group> -w <workspace-name> -n 0080 --scheduled...Errors:
See screenshot:
To Reproduce:
Steps to reproduce the behavior.
az sentinel alert-rule create -g <resource-group> -w <workspace-name> -n 100 --scheduled "{alert-rule-template-name:18e6a87e-9d06-4a4e-8b59-3469cd49552e,description:test,display-name:test,enabled:true,query:Heartbeat,query-frequency:P1D,query-period:P1D,severity:High,suppression-duration:P1D,suppression-enabled:false,tactics:[Collection],techniques:[T1005],template-version:1.1.2,trigger-operator:GreaterThan,trigger-threshold:0,entity-mappings:[{entity-type:Host,field-mappings:[{column-name:Computer,identifier:FullName}]}]}"Expected Behavior
The following command (identical to the above cmd- minus the passing of the entity-mapping parameter) works fine:
az sentinel alert-rule create -g <resource-group> -w <workspace-name> -n 001 --scheduled "{alert-rule-template-name:18e6a87e-9d06-4a4e-8b59-3469cd49552d,description:test,display-name:test-rule,enabled:true,query:Heartbeat,query-frequency:P1D,query-period:P1D,severity:High,suppression-duration:P1D,suppression-enabled:false,tactics:[Collection],techniques:[T1005],template-version:1.1.2,trigger-operator:GreaterThan,trigger-threshold:0}"See successful output below:
Environment Summary
Additional Context