Dashboard error: 'project' operator: Failed to resolve table or column expression named 'process_create_whitelist'... #51
Comments
|
Got the issue fixed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Maybe something has changed in Azure, but the guide in https://github.com/BlueTeamLabs/sentinel-attack/wiki/Sysmon-Threat-Hunting-workbook---post-deployment-configuration can no longer be followed.
Azure does not allow me to use the exact workspace name as the underlying log analytics workspace of my Sentinel instance.
My Sentinel workspace name is over 24 characters, so when I was using my workspace name it gave me an error the name must be between 3 and 24 characters.
Then I tried creating using a shorter name and it gave me an error that the name is already taken, which it actually wasn't.
Only when I used a short name and also a number in the workspace name, the custom deployment worked.
Now inside that storage account container, I'm getting errors when I try to upload the whitelist csv files. And randomly after trying a few days, it worked. I got the files uploaded, but the ATT&CK trigger overview tab still gives me the same error.
Not sure where to go from here.
The text was updated successfully, but these errors were encountered: