Data processing issue with Azure Sentinel Template: Guided Investigation - Process Alerts.ipynb #117

Open
khangm opened this issue Oct 28, 2021 · 2 comments

khangm commented Oct 28, 2021

Error found in "Show these related alerts on a graph" and "Browse List of Related Alerts" sections when processing data for displaying. Various errors were displayed. Here are the top and bottom parts of the output.

AttributeError Traceback (most recent call last)
in
2
3 if related_alerts is not None and not related_alerts.empty:
----> 4 rel_alert_graph = security_alert_graph.add_related_alerts(related_alerts=related_alerts,
global rel_alert_graph = undefined
global security_alert_graph.add_related_alerts = <function add_related_alerts at 0x7f0c8f505820>
global related_alerts = TenantId TimeGenerated
0 xxxxxxxx-xxxx-4e32-xxxx-9bc4bxxx075e 2021-10-26 10:30:18.562000+00:00
1 xxxxxxxx-xxxx-4e32-xxxx-9bc4bxxx075e 2021-10-26 10:30:18.333000+00:00

......
......

entity_type_name = 'url'
raw_entity = {'$id': '13', 'Url': 'https://on-d.oss-cn-shenzhen.aliyuncs.com/download/%E5%8C%97%E4%BA%AC%E5%B8%82%E7%BD%91%E4%B8%8A%E7%A8%8E%E5%8A%A1%E5%B1%80%28%E8%87%AA%E7%84%B6%E4%BA%BA%E7%89%88%29_01210003296.exe', 'Type': 'url'}
450
451 raise TypeError("Could not find a suitable type for {}".format(entity_type))

/anaconda/envs/azureml_py38/lib/python3.8/site-packages/msticpy/datamodel/entities/url.py in init(self=Url(Type=url), src_entity={'$id': '13', 'Type': 'url', 'Url': 'https://on-d.oss-cn-shenzhen.aliyuncs.com/downlo...%AA%E7%84%B6%E4%BA%BA%E7%89%88%29_01210003296.exe'}, **kwargs={})
31 """
32 super().init(src_entity=src_entity, **kwargs)
---> 33 if self.Url:
self.Url = undefined
34 self.dict.update(url_components(self.Url))
35

/anaconda/envs/azureml_py38/lib/python3.8/site-packages/msticpy/datamodel/entities/entity.py in getattr(self=Url(Type=url), name='Url')
196 if name in self._entity_schema:
197 return None
--> 198 raise AttributeError(f"{name} is not a valid attribute.")
global AttributeError = undefined
199
200 def iter(self):

AttributeError: Url is not a valid attribute.

Contributor

ianhelle commented Feb 4, 2022

We've updated the Url entity since this version so it no longer tries to access its URL property.
We're also planning to update these notebooks in the next couple of months (this one was written aeons ago) so I'll try to check this one out and see that it works properly with up-to-date versions of msticpy.

Thanks for reporting the issue,

@ianhelle ianhelle closed this as completed Feb 4, 2022
@ianhelle ianhelle reopened this Feb 4, 2022
Contributor

ianhelle commented Feb 4, 2022

Leaving open for tracking
