Sentinel onboarding via OnboardingStates API #811

Merged: 3 commits, Jul 11, 2024

cloudchristoph
Contributor

Overview/Summary

This PR includes a call to the OnboardingStates API for correctly onboarding Sentinel.
The simple deployment of the "SecurityInsights" solution is considered deprecated since July 1st. Source: https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-azure-sentinel-new-onboarding-offboarding-api/bc-p/3671438 and mail from MS linked in the issue #802.

Why is the SecurityInsights solution still deployed and not removed?

The onboardingStates API doesn't allow setting the SKU for Sentinel. Since this is an option within this template, I've left the deployment as is.
See the comment from "laithhisham". Quote:

> The OnboardingStates endpoint does not support managing the SKU directly, however you can still issue a call to the Microsoft.OperationsManagement/solutions to manage the SKU. The important point is that installing the solution on its own will no longer be considered a valid onboarding of a workspace to Sentinel, you will need to also issue a call to Microsoft.SecurityInsights/onboardingStates/default in order to complete the onboarding process. Otherwise, the calls to Sentinel's RP will fail.
> The deprecation will be of the legacy support of reaching Sentinel's RP after having only the solution installed and without defining the OnboardingStates. In that case you will start getting BadRequest (WorkspaceNotOnboarded).
> Hope this clarifies the change.

I didn't update the remaining API versions, because DCRs are failing to deploy with the latest version. Separate issue.

Related Issues/Work Items

This PR fixes/adds/changes/removes

Fixes #802
Closes #802

Breaking Changes

No breaking change.

Testing Evidence

CleanShot 2024-07-11 at 16 46 36@2x

As part of this Pull Request I have
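
The two-step onboarding described in this PR, as an added Bicep example that is not the PR's or the repository's own code: the legacy solution resource stays in place, and the `onboardingStates/default` resource completes the onboarding. The parameter names, symbolic names, API versions and the `dependsOn` ordering are assumptions.

```bicep
// Added example. Parameter and symbolic names are hypothetical,
// and the API versions shown are assumptions, not taken from the PR.
targetScope = 'resourceGroup'

@description('Name of an existing Log Analytics workspace (assumed parameter).')
param workspaceName string

@description('Region of the workspace (assumed parameter).')
param location string = resourceGroup().location

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Legacy solution deployment. Per the quoted comment, installing this alone
// is no longer a valid onboarding; it is kept for what the solution still manages.
resource sentinelSolution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview' = {
  name: 'SecurityInsights(${workspace.name})'
  location: location
  properties: {
    workspaceResourceId: workspace.id
  }
  plan: {
    name: 'SecurityInsights(${workspace.name})'
    product: 'OMSGallery/SecurityInsights'
    publisher: 'Microsoft'
    promotionCode: ''
  }
}

// Onboarding state: an extension resource scoped to the workspace.
// The resource name is 'default', matching onboardingStates/default.
// Without it, calls to Sentinel's RP return BadRequest (WorkspaceNotOnboarded).
resource sentinelOnboarding 'Microsoft.SecurityInsights/onboardingStates@2024-03-01' = {
  scope: workspace
  name: 'default'
  properties: {}
  dependsOn: [
    sentinelSolution // ordering chosen for this example
  ]
}

// Surfacing the resource ID lets a pipeline assert that onboarding was deployed.
output onboardingStateId string = sentinelOnboarding.id
```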

@oZakari oZakari left a comment

Thanks much @cloudchristoph!

oZakari commented Jul 11, 2024

/azp run validateazcloud

Azure Pipelines successfully started running 1 pipeline(s).

@oZakari oZakari added Type: Bug 🪲 Something isn't working Area: Logging & Automation 📷 Issues / PR's related to Logging & Automation labels Jul 11, 2024
@oZakari oZakari merged commit 9517fc2 into Azure:main Jul 11, 2024
11 checks passed
Successfully merging this pull request may close these issues.

Sentinel Onboarding via SecurityInsights solution is deprecated