AWS Security Hub Integration with Sentinel "Authentication Issue" #11165
Comments
|
Hi @Mandar16161, FunctionsAppConfiguration.docx |
|
Hi @Mandar16161, |
|
Hi @v-rusraut i am not able to access the document shared by you. |
|
Hi @Mandar16161, • Open Azure portal and search ‘Microsoft Entra ID’ • Click on Enterprise applications • Type your function app name in search textbox and copy Application ID • Open function app -> Settings - > Environment variables - > App settings ->
• After that restart the function app |
|
Hi @Mandar16161, |
|
Hi @v-rusraut, |
|
@v-rusraut please let me know did you provide any RBAC role the managed identity during the deployment? |
|
Hi @Mandar16161, not provided any role while deployment, what error you are getting now ? |
|
Same issue we had the client id in place already . |
|
|
|
|
|
|
|
We having same exact issue, ClientID is correct, have verified it multiple times. |
|
|
|
Hi @rcscoggin at line no 75 add |
|
Hi @Mandar16161, which new error you are getting now? |
|
Hi @v-rusraut |
|
Hi @Mandar16161, |
|
Hi @rcscoggin, |
|
@v-rusraut I don't have any changes in place nor do I see an update in the code on the repo, just the current branch. Would probably be better for @Mandar16161 to share his logs with his new error after fixing line 75 then another log after modifying 155. |
|
Hi @Mandar16161, |
|
Hi we have currently stopped the testing due to too many errors, we are co-ordinating with Microsoft Team to get a resolution on this. |
|
Hi @Mandar16161, as you mentioned you are coordinating with the Microsoft Team for this, can we close this issue, or do you still need support? |
|
Hi, end user here of the solution. We still have the original issue, we reached out to Microsoft and they said they do not support this code and to contact authors of the code for resolution. Would ask you not close issue as we would have to open another. We are still getting the original error that Mandar16161 is getting. thanks. |
|
Hi @rcscoggin, we received a response from @sreedharande indicating that the error you’re encountering is due to incorrect AWS side configuration. Please refer to the following section of the README file for AWS side configuration : https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-SecurityHubFindings/README.md#aws |
|
@v-rusraut right, we are not a new user of this and have deployed the connector over the past years many times. We have triple checked the AWS settings. What we are NOT seeing are any entries in the signin logs for the managed identity indicating the code never attempts to properly authenticate. We had troubleshooted to the same issue that the ManagedIdentityCredential call may be suspect. Please, confirm on your side that the managed identity would have some entry in the signin logs for a failed attempt since that would happen BEFORE it would attempt to use the AWS api hence resulting in some evidence of the Azure authentication code having been able to at least attempt an authentication. Thanks, |
|
Hi @sreedharande , please help on this issue. |
|
Hi @v-rusraut we are still not able to resolve the issue, @sreedharande your support on this would be appreciated. |
Describe the bug
Deploying the AWS security hub gives a AAD authentication related issue when test run in the function app.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The steps are followed as mentioned in the document, the managed identity should have authenticated but its failing while runing.
Screenshots
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: