Describe the bug
We are trying to use an experimental extension: az sentinel threat-indicator list.
There's a parameter --skip-token for large datasets but the output of the extension does not provide the nextLink.
e.g. --top 500 to list the threat indicators in batches of 500 (have 7122 in total).
Is this a bug? It would be helpful to provide an example of:
- How to use the az sentinel threat-indicator list extension?
- What is the expected output (what does this nextLink look like in the output)?
- Check if the extension is working as intended.
Related command
az sentinel threat-indicator list --resource-group $resourceGroupName --workspace-name $workspaceName --top "1" --output json
Errors
Output (no nextLink element?):
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
[
  {
    "created": "2024-08-28T02:15:01.9277641Z",
    "description": "xxx",
    "displayName": "xxx",
    "etag": "\"xxx\"",
    "externalId": "xxx",
    "externalLastUpdatedTimeUtc": "2024-08-28T02:15:01.9277641Z",
    "id": "xxx",
    "kind": "indicator",
    "labels": [
      "xxx",
      "xxx"
    ],
    "lastUpdatedTimeUtc": "2024-08-28T02:15:01.9281699Z",
    "name": "xxx",
    "parsedPattern": [
      {
        "patternTypeKey": "file",
        "patternTypeValues": [
          {
            "value": "xxx",
            "valueType": "hashes.'MD5'"
          }
        ]
      }
    ],
    "pattern": "[file:hashes.'MD5' = 'xxx']",
    "patternType": "xxx",
    "resourceGroup": "xxx",
    "source": "xxx",
    "threatIntelligenceTags": [
      "xxx",
      "xxx"
    ],
    "type": "Microsoft.SecurityInsights/threatIntelligence/main/indicators",
    "validFrom": "2024-08-27T00:00:00+00:00"
  }
]
Expected behavior
There's a parameter --skip-token for large datasets and the output of the extension can provide the nextLink.
e.g. --top 500 to list the threat indicators in batches of 500 (have 7122 in total).
It would be helpful to provide an example of:
- How to use the az sentinel threat-indicator list extension?
- What is the expected output (what does this nextLink look like in the output)?
- Check if the extension is working as intended.
Environment Summary
Azure CLI (version 2.37.0 or higher)
Additional context
No response
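One way to follow the paging this report asks about, as an added example that is not part of the original issue or of the Azure CLI project. It assumes the raw list response uses the Azure Resource Manager paging envelope: a `value` array plus a `nextLink` URL whose `$skipToken` query parameter is the value to pass back. The function names, the `example.invalid` URL and the simulated 7122-indicator data set are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, quote

def next_skip_token(page):
    """Return the $skipToken carried by page['nextLink'], or None on the last page."""
    link = page.get("nextLink")
    if not link:
        return None
    params = parse_qs(urlsplit(link).query)  # parse_qs also URL-decodes names and values
    tokens = params.get("$skipToken") or params.get("$skiptoken")
    if not tokens:
        raise ValueError("nextLink has no $skipToken parameter")
    return tokens[0]

def list_all(fetch_page, top):
    """Collect every indicator. fetch_page(top, skip_token) returns one raw page (assumed shape)."""
    items, token, seen = [], None, set()
    while True:
        page = fetch_page(top, token)
        items.extend(page.get("value", []))
        token = next_skip_token(page)
        if token is None:
            return items
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError("service returned the same skip token twice")
        seen.add(token)

# Constructed stand-in for the service: 7122 indicators, as in the report.
# Real skip tokens are opaque strings; this fake uses a plain offset.
TOTAL = 7122
BASE = "https://management.example.invalid/indicators?api-version=PLACEHOLDER"

def fake_fetch(top, skip_token):
    start = int(skip_token) if skip_token else 0
    end = min(start + top, TOTAL)
    page = {"value": [{"name": f"indicator-{i}", "kind": "indicator"}
                      for i in range(start, end)]}
    if end < TOTAL:  # the last page carries no nextLink
        page["nextLink"] = f"{BASE}&$top={top}&$skipToken={quote(str(end))}"
    return page

if __name__ == "__main__":
    print(len(list_all(fake_fetch, 500)))
```
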