I'm trying to create an automation rule in Sentinel using the below command in powershell runbook. I have already imported SecurityInsights module of 5.1 version in Runbook. The same command is working fine in VScode powershell. But facing issue only in runbook.
Can anyone please help me out regarding the same ...
$LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword"
$automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new()
$automationRuleAction.Order = 1
$automationRuleAction.ActionType = "RunPlaybook"
$automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id)
$automationRuleAction.ActionConfigurationTenantId = (Get-AzContext).Tenant.Id
New-AzSentinelAutomationRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -Action $automationRuleAction -DisplayName "Run Playbook to reset AAD password" -Order 2 -TriggeringLogicIsEnabled
I'm facing the below error:
System.Management.Automation.RuntimeException: Unable to find type [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction].
at System.Management.Automation.TypeOps.ResolveTypeName(ITypeName typeName, IScriptExtent errorPos)
at System.Management.Automation.Interpreter.FuncCallInstruction`3.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
System.Management.Automation.RuntimeException: The property 'Order' cannot be found on this object. Verify that the property exists and can be set.
at CallSite.Target(Closure , CallSite , Object , Int32 )
at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1)
at System.Management.Automation.Interpreter.DynamicInstruction`3.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
System.Management.Automation.RuntimeException: The property 'ActionType' cannot be found on this object. Verify that the property exists and can be set.
at CallSite.Target(Closure , CallSite , Object , String )
at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1)
at System.Management.Automation.Interpreter.DynamicInstruction`3.Run(InterpretedFrame frame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
System.Management.Automation.RuntimeException: The property 'ActionConfigurationLogicAppResourceId' cannot be found on this object. Verify that the property exists and can be set.
CodePudding user response:
I have reproduced in my environment and got expected results as below:
I have tried your command and got same error as you got at first:
Then I have imported Az.SecurityInsights from local computer by following below process:
Firstly, Downloaded file from here:
Then I have imported into run book as below:
It took some time to import and download into azure portal:
(Had imported 3 versions didn't know which one worked though and waited for around 30 min and came back)
Then I added below command into my script at the beginning of your code then rest of the code:
Import-Module Az.SecurityInsights
Now when i test it and it got completed without errors as below
