Atlassian Confluence Audit (Preview) connector doesn't work #11475

Closed
odishelidzegio opened this issue Nov 22, 2024 · 8 comments
Comments

@odishelidzegio

Description
I'm trying to ingest Atlassian Confluence logs to AZ Sentinel via the Atlassian Confluence Audit (Preview) connector. I use the auto-deploy option. When I fill out all the required fields and click deploy, everything is deployed successfully, but no log table is created in the logs analytics and the connector shows disconnected. Tried many times but no success. Deployment is always successful, but the connection status is “disconnected”.

To Reproduce
Steps to reproduce the behavior:

  1. From AZ Sentinel content hub, install “Atlassian Confluence Audit (Preview)” connector.
  2. Auto-deploy it and see what happens.
  3. After successful deployment, check if the connector is connected or not.

Screenshots
Image

Image

All deployments are successful:
Image

No results after successful deployment:
Image

@v-visodadasi v-visodadasi added the Connector Connector specialty review needed label Nov 25, 2024
@v-visodadasi
Contributor

Hi @odishelidzegio, thanks for flagging this issue. We will investigate it and get back to you with some updates. Thanks!

@v-sudkharat
Contributor

@odishelidzegio, please share screenshots of the function app invocation logs with us.

@odishelidzegio
Author

odishelidzegio commented Nov 26, 2024

@v-sudkharat could you please tell me how exactly I can do it?

I can only see this:

Image

@v-sudkharat
Contributor

@odishelidzegio

  1. Go to the deployed function app:
    Image

  2. Go to the invocation tab:
    Image

  3. Select one of the invocations and send the entire log message:
    Image

@odishelidzegio
Author

odishelidzegio commented Nov 28, 2024

Thanks for the assistance, here's a full log of one of the invocations:

Timestamp Log Level Message
11/28/2024, 6:20:00 PM Information Executing 'Functions.ConfluenceAuditAPISentinelConnector' (Reason='Timer fired at 2024-11-28T14:20:00.0027016+00:00', Id=ca09511b-94c1-47ad-bf19-bc6a9fc8390c)
11/28/2024, 6:20:00 PM Information Starting program
11/28/2024, 6:20:00 PM Information Request URL: 'https://conflauditz3fjcfpooijvs.file.core.windows.net/funcstatemarkershare/funcstatemarkerfile'
11/28/2024, 6:20:00 PM Information Request method: 'GET'
11/28/2024, 6:20:00 PM Information Request headers:
11/28/2024, 6:20:00 PM Information 'Accept': 'application/xml'
11/28/2024, 6:20:00 PM Information 'x-ms-version': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-range': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'User-Agent': 'azsdk-python-storage-file-share/12.3.0 Python/3.11.10 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.31)'
11/28/2024, 6:20:00 PM Information 'x-ms-date': 'REDACTED'
11/28/2024, 6:20:00 PM Information Request headers:
11/28/2024, 6:20:00 PM Information 'x-ms-version': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-content-length': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-type': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-permission': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-attributes': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-creation-time': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-last-write-time': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'User-Agent': 'azsdk-python-storage-file-share/12.3.0 Python/3.11.10 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.31)'
11/28/2024, 6:20:00 PM Information 'x-ms-date': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-client-request-id': 'da0765d6-ad93-11ef-ac2f-00155d4b192a'
11/28/2024, 6:20:00 PM Information 'Authorization': 'REDACTED'
11/28/2024, 6:20:00 PM Information No body was attached to the request
11/28/2024, 6:20:00 PM Information Response status: 201
11/28/2024, 6:20:00 PM Information Response headers:
11/28/2024, 6:20:00 PM Information 'Content-Length': '0'
11/28/2024, 6:20:00 PM Information 'Last-Modified': 'Thu, 28 Nov 2024 14:20:00 GMT'
11/28/2024, 6:20:00 PM Information 'ETag': '"0x8DD0FB7BE3F193F"'
11/28/2024, 6:20:00 PM Information 'Server': 'Windows-Azure-File/1.0 Microsoft-HTTPAPI/2.0'
11/28/2024, 6:20:00 PM Information 'x-ms-request-id': '43ed776c-601a-00ab-11a0-419ab0000000'
11/28/2024, 6:20:00 PM Information 'x-ms-client-request-id': 'da0765d6-ad93-11ef-ac2f-00155d4b192a'
11/28/2024, 6:20:00 PM Information 'x-ms-version': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-change-time': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-last-write-time': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-creation-time': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-permission-key': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-attributes': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-id': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-file-parent-id': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-request-server-encrypted': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'Date': 'Thu, 28 Nov 2024 14:19:59 GMT'
11/28/2024, 6:20:00 PM Information Request URL: 'https://conflauditz3fjcfpooijvs.file.core.windows.net/funcstatemarkershare/funcstatemarkerfile?comp=REDACTED'
11/28/2024, 6:20:00 PM Information Request method: 'PUT'
11/28/2024, 6:20:00 PM Information Request headers:
11/28/2024, 6:20:00 PM Information 'Content-Type': 'application/octet-stream'
11/28/2024, 6:20:00 PM Information 'x-ms-range': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-write': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'Content-Length': '20'
11/28/2024, 6:20:00 PM Information 'x-ms-version': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'User-Agent': 'azsdk-python-storage-file-share/12.3.0 Python/3.11.10 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.31)'
11/28/2024, 6:20:00 PM Information 'x-ms-date': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-client-request-id': 'da0a9e22-ad93-11ef-ac2f-00155d4b192a'
11/28/2024, 6:20:00 PM Information 'Authorization': 'REDACTED'
11/28/2024, 6:20:00 PM Information A body is sent with the request
11/28/2024, 6:20:00 PM Information Response status: 201
11/28/2024, 6:20:00 PM Information Response headers:
11/28/2024, 6:20:00 PM Information 'Content-Length': '0'
11/28/2024, 6:20:00 PM Information 'Content-MD5': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'Last-Modified': 'Thu, 28 Nov 2024 14:20:00 GMT'
11/28/2024, 6:20:00 PM Information 'ETag': '"0x8DD0FB7BE4270D1"'
11/28/2024, 6:20:00 PM Information 'Server': 'Windows-Azure-File/1.0 Microsoft-HTTPAPI/2.0'
11/28/2024, 6:20:00 PM Information 'x-ms-request-id': '43ed776d-601a-00ab-12a0-419ab0000000'
11/28/2024, 6:20:00 PM Information 'x-ms-client-request-id': 'da0a9e22-ad93-11ef-ac2f-00155d4b192a'
11/28/2024, 6:20:00 PM Information 'x-ms-version': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'x-ms-request-server-encrypted': 'REDACTED'
11/28/2024, 6:20:00 PM Information 'Date': 'Thu, 28 Nov 2024 14:19:59 GMT'
11/28/2024, 6:20:00 PM Information Logs not founded. Time period: from 2024-11-28T14:00:00Z to 2024-11-28T14:10:00Z.
11/28/2024, 6:20:00 PM Information Processed 0 events to Azure Sentinel. Time period: from 2024-11-28T14:00:00Z to 2024-11-28T14:10:00Z.
11/28/2024, 6:20:00 PM Information Executed 'Functions.ConfluenceAuditAPISentinelConnector' (Succeeded, Id=ca09511b-94c1-47ad-bf19-bc6a9fc8390c, Duration=395ms)

@v-sudkharat
Contributor

@odishelidzegio, Thanks for sharing the logs.
As per the shared logs, the logs are not available/generated in the source itself (Atlassian side), so the correctly configured connector has not sent any events/logs to your Sentinel workspace:

11/28/2024, 6:20:00 PM Information Logs not founded. Time period: from 2024-11-28T14:00:00Z to 2024-11-28T14:10:00Z.
11/28/2024, 6:20:00 PM Information Processed 0 events to Azure Sentinel. Time period: from 2024-11-28T14:00:00Z to 2024-11-28T14:10:00Z.

If you look at the invocation, it says: Processed 0 events to Azure Sentinel.

So the suggestion would be to kindly check that the logs are generated/created in the source. Many thanks!
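
Added example, not part of the original thread or the connector's own code: the invocation above finished as "Succeeded" while ingesting nothing, so function status alone does not show an ingestion gap. This sketch parses the "Processed N events" and "Executed" lines in the format posted above (assumed unwrapped, one entry per line) and reports runs of consecutive successful invocations that ingested zero events; the sample log, its Ids and the `min_run` threshold are constructed for illustration.

```python
import re
from datetime import datetime

PROCESSED = re.compile(r"Processed (\d+) events to Azure Sentinel\.\s*"
                       r"Time period: from (\S+Z) to (\S+Z)")
EXECUTED = re.compile(r"Executed '[^']+' \((\w+), Id=([\w-]+)")
TS = "%Y-%m-%dT%H:%M:%SZ"

def parse_invocations(text):
    """Return one record per completed invocation, in log order."""
    records, pending = [], None
    for line in text.splitlines():
        if m := PROCESSED.search(line):
            pending = (int(m[1]), datetime.strptime(m[2], TS),
                       datetime.strptime(m[3], TS))
        elif m := EXECUTED.search(line):
            if pending:  # only runs that reported a polling window
                records.append({"id": m[2], "status": m[1], "events": pending[0],
                                "start": pending[1], "end": pending[2]})
            pending = None
    return records

def silent_gaps(records, min_run=3):
    """Spans where >= min_run consecutive 'Succeeded' runs ingested nothing."""
    gaps, run = [], []
    for r in records + [None]:  # trailing None flushes the last run
        if r and r["status"] == "Succeeded" and r["events"] == 0:
            run.append(r)
            continue
        if len(run) >= min_run:
            gaps.append((run[0]["start"], run[-1]["end"], len(run)))
        run = []
    return gaps

def _constructed_log(counts):
    """Build sample lines in the thread's log format (constructed data)."""
    out = []
    for i, n in enumerate(counts):
        s = f"2024-11-28T14:{i * 10:02d}:00Z"
        e = f"2024-11-28T14:{i * 10 + 10:02d}:00Z"
        out.append(f"11/28/2024, 6:20:00 PM Information Processed {n} events "
                   f"to Azure Sentinel. Time period: from {s} to {e}.")
        out.append("11/28/2024, 6:20:00 PM Information Executed "
                   "'Functions.ConfluenceAuditAPISentinelConnector' "
                   f"(Succeeded, Id=constructed-{i}, Duration=395ms)")
    return "\n".join(out)

SAMPLE_LOG = _constructed_log([0, 0, 0, 37])  # three empty polls, then data

if __name__ == "__main__":
    for start, end, n in silent_gaps(parse_invocations(SAMPLE_LOG)):
        print(f"{n} successful runs ingested 0 events between {start} and {end}")
```

Comparing any reported span against the audit log visible in the source application for the same UTC window distinguishes a genuinely quiet source from a connector that is polling successfully but retrieving nothing.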

@odishelidzegio
Author

Yes, I see, and it's strange, because in Confluence I see the Audit Logs.

This is from Confluence's side, and there are so many logs:

Image

@odishelidzegio
Author

@v-sudkharat I don't know how, but the connector has been fixed. I have not made changes to it or to Confluence; it fixed itself, I guess.

The logs are now ingested, so we can close the issue, I believe.

Thanks for your help!
