Deploy ASIM to Azure Fails #9546
Comments
|
Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal. |
|
hi @Wallace4444 we are aware of this issue and we're looking into its fix. For now, can you please try installing the schema you need individually. If you get error with individual schemas as well, please retry 2-3 times. This issue is more related to Log Analytics than Sentinel, we are working with concerned teams to get this resolved soon. Thankyou |
|
Hi @Wallace4444, hope you are doing well. As this issue has already been reported in the following GitHub issue: - #8623 and is presently under investigation, we recommend monitoring the issue for updates. Consequently, we are closing this issue for the time being. Feel free to comment on #8623 if there is anything you would like to share more. |
Describe the bug
When deploying ASIM to Azure from https://github.com/Azure/Azure-Sentinel/tree/master/ASIM, the deployment fails.
A number of parsers fail with:
The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure)
At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. (Code: DeploymentFailed), {
"error": {
}
} (Code: Conflict)
Have tested on a brand new Sentinel workspace and it fails with same error.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
ASIM Parsers deployed successfully.
Screenshots
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: