I'm having problems with the 'status' field from the Microsoft Graph Security API.
example
GET /graph.microsoft.com/v1.0/security/alerts/03da5d48-a892-4ea6-9949-dc902283e2d8f
Returns status 200 with a JSON object.
The problem is that the alert is 'resolved' in Cloud App Security.
But the API returns "status": "newAlert" on the object.
Does anyone have an idea of what I'm doing wrong?
Docs: link
If you updated the alert status via Cloud App Security portal and then called Get method from the Graph Security API, you should see that the alert status returned from the API reflected as such. If you don't see the status update as expected, then please file a Github issue with details of your issue here.
Related
I have an instance of APIM which hosts multiple APIs. This include multiple post operations.
I have observed many Get calls being logged for the endpoint which are actually Post. I verified from client who uses it and they are not making any get calls for the same. When I searched IPs logged in app insights it belongs to Microsoft.
Where the actual API is post operation as shown below
May I know why these get calls are made? Is there any possibility these are from APIM?
I raised Microsoft ticket to understand why we are getting unknown Get calls. They analyzed IP address where its coming from then they got to know its coming from Microsoft Teams. If somebody post URL in Teams, then Teams trying to render the url in order to get some information to show in the chat. In this attempt it makes a Get calls
The Microsoft documentation states:
Provide a notification endpoint URL: In the Notification Endpoint URL
box, provide an HTTPS Webhook endpoint to receive notifications about
all CRUD operations on managed application instances of this plan
version.
I created a simple Logic App and copied the HTTP endpoint into my MPN App Plan under the
It looks like this and has the sig at the end:
https://prod-08.australiaeast.logic.azure.com:443/workflows/fe287d1b9a8c48619a1b44765dad6dc7/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=C9JYfNPjvq-efsLwW66A4K4zTgx6qxGT1oH0RZZRsI0
To test it I hit it with PostMan and confirm that it is getting an HTTP200 as per the MS Docs.
I publish the app to the marketplace:
(you can see the app live here - https://azuremarketplace.microsoft.com/en-us/marketplace/apps/data-drivenai1581501556049.cloudmonitor-analytics-engine)
However - the endpoint never gets called at all. I can see in the logs that no attempt (failed or past) has been made to call it.
I raised a Microsoft Support Ticket and asked a Technical Specialist, however no one can tell me how to debug it or why it is not calling back on installs or failed installs.
Has anyone seen this working?
Update
I found out that each PLAN has a GUID that is automatically used for deployment. Mine is "pid-34881ea9-xxxx--xxxx-xxxx-2cf731e06ef7-partnercenter" - should I be putting this on the callback notification URL as sig=ThisGUID?
In the example for Managed apps with notifications, it shows that managed applications will send a post to https://{your_endpoint_URI}/resource. Can you try adding /resource to your listener and see if it triggers your logic app? I believe that should fix this.
From my previous question link here it appears that we do not have a feature in any version of TFS/Azure DevOps to setup monitoring for the webhook subscriptions.
As a workaround I'm now looking to write a PowerShell script to check the heartbeat of the subscription. From the Microsoft documentation link here it appears we can get the SubscriptionStatus by querying the subscription ID.
On a GET request for below API I receive all the details specified in the documentation but I'm unable to find "status" in the response.
Does anybody know if there is any other way to get the SubscriptionStatus.
https://collectionurl/_apis/hooks/subscriptions/3d9af4ba-d642-4c80-8d62-34cabca322f9
Try listing the subscriptions instead:
GET https://collectionurl/_apis/hooks/subscriptions?api-version=5.1
You can filter the results using query parameters as follows:
GET https://collectionurl/_apis/hooks/subscriptions?publisherId={publisherId}&eventType={eventType}&consumerId={consumerId}&consumerActionId={consumerActionId}&api-version=5.1
You should see status there somewhere.
I found that my API in question is correct, but for some reason i'm not getting 'enabled' status, I tested successfully for all other status mentioned here.
I'm now setting up my PowerShell to execute every 5mins to check the webhook for its status and send an email for any other status than 'enabled'.
If the status is 'enabled' or 'empty' I further check consumerInputs.url to check if the webhook is alive.
This works perfectly fine.
I have a basic plan of docusign which gives me 5 envelop per month. I am testing my integration key on demo api before going live. It needs 20+ api test calls before upgrading demo integration key to live. But after 5 demo api calls it is giving me following error:
Exception: ENVELOPE_ALLOWANCE_EXCEEDED The envelope allowance for the account has been exceeded.
Can someone please help as I am new to docusign.
Demo accounts should not have such a strict envelope limit. First, I would recommend confirming your calls we're actually hitting your Sandbox. To do so, log in to the demo environment: from https://developers.docusign.com/ click on Go to Sandbox. If you log in through that method, do you see the envelopes you created using your integration?
If so, your Sandbox may have been incorrectly provisioned. Please send an email to go-live#docusign.com with your Production account ID and your Demo account ID.
I was trying to access Office365 Audit logs through Office365 Management API(Link). I have done most of the configurations as described in the link. I am able to get AuzreActiveDirectory audit data. But SharePoint and Exchange audit logs are not working.
Note: I have not used webhook. Does this has something to do?
Any help is appreciated.
webhooks are optional. Once you subscribe to a particular content type (EXO, SPO, AAD), you can periodically poll for new content using the /content operation.
When you first subscribe, there can be a lag before data is first available. Are you still not seeing EXO or SPO data?