Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[azure-mgmt-securityinsight] Cannot (always) fetch the query attribute in an alert rule

See original GitHub issue
  • Package Name: azure-mgmt-securityinsight
  • Package Version: 1.0.0
  • Operating System: macOS-12.5.1
  • Python Version: 3.10.8

Describe the bug I’m currently developing locally an Azure function that communicates with Microsoft Sentinel, in order to fetch the alert rules from it, and more specifically their respective querys :

credentials = AzureCliCredential()
    alert_rules_operations = SecurityInsights(
        credentials, SUBSCRIPTION_ID).alert_rules
    list_alert_rules = alert_rules_operations.list(resource_group_name=os.getenv(
        'RESOURCE_GROUP_NAME'), workspace_name=os.getenv('WORKSPACE_NAME'))

The issue is that when I’m looping over list_alert_rules, and try to see each rule’s query, I get an error: Exception: AttributeError: 'FusionAlertRule' object has no attribute 'query'. Yet, when I check their type via the type() function:

list_alert_rules = alert_rules_operations.list(resource_group_name=os.getenv(
        'RESOURCE_GROUP_NAME'), workspace_name=os.getenv('WORKSPACE_NAME'))
for rule in list_alert_rules:
     print(type(rule))
##console: <class 'azure.mgmt.securityinsight.models._models_py3.ScheduledAlertRule'>

The weirder issue is that this error appears only when you don’t print the attribute. Let me show you:

  • Print:
for rule in list_alert_rules:
     query = rule.query
     print('query', query)
##console: query DATABASE_NAME | where TABLE_NAME... blabla

No error. The object returns the necessary info. However when I don’t request to print it:

  • No print:
for rule in list_alert_rules:
     query = rule.query
        ...
##console: Exception: AttributeError: 'FusionAlertRule' object has no attribute 'query'.

To Reproduce Steps to reproduce the behavior:

  1. Try to fetch Sentinel alert rules, and to get their respective queries via the Python SDK.

Expected behavior I expect to be always able to fetch the query attribute, whether I’m printing it in the console or not.

TIA!

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:8 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
msyyccommented, Oct 20, 2022

Hi @FaresKi According to the description of “AlertRule”: https://github.com/Azure/azure-sdk-for-python/blob/e00c844abc68b2e7a75397cad898f37c2aea0393/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py#L2022-L2027 It means that service will return list of sub-class of AlertRule. During the sub-class, only a few sub-class has “query” attribute while some are not like: https://github.com/Azure/azure-sdk-for-python/blob/e00c844abc68b2e7a75397cad898f37c2aea0393/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py#L20270-L20342. So before use “query”, you need to check whether it exists like:

for rule in list_alert_rules:
     if hasattr(rule, "query"):
        ...
0reactions
FaresKicommented, Oct 20, 2022

Alright, I see. Thanks guys!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Azure-mgmt-monitor credential can't get token · Issue #14044
Package Name: azure-mgmt-monitor Package Version: 1.0.1 Operating ... bug I want to get VM CPU usage, So I run MonitorClient(credentials, ...
Read more >
azure.mgmt.securityinsight.operations. ...
<xref:alert_rules> attribute. ... get. Gets the alert rule. list. Gets all alert rules. ... rule_id: str, alert_rule: azure.mgmt.securityinsight.models.
Read more >
Best practices for queries used in log alert rules
Log alert rule queries in Log Analytics and Application Insights should always start with a table to define a clear scope for the...
Read more >
Alert Rule Templates - List - REST API (Azure Sentinel)
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.
Read more >
Alert Rules - Get - REST API (Azure Sentinel)
The name of the workspace. api-version. query, True. string. The API version to use for this operation.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[Question] How do I retrieve the outputs of each trials of a sweep job?

Next page

'EmailClient' object has no attribute 'get_sent_status'