Invalid property value for properties.sourceType - Creation of Microsoft Sentinel Watchlist with Azure CLI

[gu1llaume-b]

Hi,

There is an error in the documentation for the creation of Microsoft Sentinel watchlists via the Azure CLI. When uploading content from a local file, the --source-type parameter is required (one of the required parameters). The accepted value are "Local file" or "Remote storage" as described in the documentation. However, when providing "Local storage" as a value for the --source-type parameter, I get the following error:

(400) There is an issue with deserializing : Error converting 'Local file' for path 'properties.sourceType'.
Code: 400
Message: There is an issue with deserializing : Error converting 'Local file' for path 'properties.sourceType'.

Azure CLI command being used:
az sentinel watchlist create --name watchlist --resource-group RG --workspace-name LAW --display-name watchlist --provider Microsoft --items-search-key "Asset Name" --source-type "Local file" --source watchlist.csv --raw-content watchlist.csv

After investigating this with the API, I have noticed that the same values are mentioned as being accepted in the documentation. However, in practice, "local" is actually accepted by the API instead of "Local file"

• When "Local file" is provided:
  

• When "Local" is provided:
  

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 5f6030e2-3933-24e5-ffbb-214a85e8a420
• Version Independent ID: 7c799022-da60-4422-9066-715a69ac11b5
• Content: az sentinel watchlist
• Content Source: latest/docs-ref-autogen/sentinel/watchlist.yml
• GitHub Login: @rloutlaw
• Microsoft Alias: routlaw

[yonzhan]

Thank you for opening this issue, we will look into it.

Thank you for your feedback. This has been routed to the support team for assistance.

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @amirkeren.

Issue Details

---

Hi,

There is an error in the documentation for the creation of Microsoft Sentinel watchlists via the Azure CLI. When uploading content from a local file, the --source-type parameter is required (one of the required parameters). The accepted value are "Local file" or "Remote storage" as described in the documentation. However, when providing "Local storage" as a value for the --source-type parameter, I get the following error:

(400) There is an issue with deserializing : Error converting 'Local file' for path 'properties.sourceType'.
Code: 400
Message: There is an issue with deserializing : Error converting 'Local file' for path 'properties.sourceType'.

Azure CLI command being used:
az sentinel watchlist create --name watchlist --resource-group RG --workspace-name LAW --display-name watchlist --provider Microsoft --items-search-key "Asset Name" --source-type "Local file" --source watchlist.csv --raw-content watchlist.csv

After investigating this with the API, I have noticed that the same values are mentioned as being accepted in the documentation. However, in practice, "local" is actually accepted by the API instead of "Local file"

• When "Local file" is provided:
  

• When "Local" is provided:
  

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 5f6030e2-3933-24e5-ffbb-214a85e8a420
• Version Independent ID: 7c799022-da60-4422-9066-715a69ac11b5
• Content: az sentinel watchlist
• Content Source: latest/docs-ref-autogen/sentinel/watchlist.yml
• GitHub Login: @rloutlaw
• Microsoft Alias: routlaw

Author:	gu1llaume-b
Assignees:	SwathiDhanwada-MSFT
Labels:	Service Attention, customer-reported, SecurityInsights, CXP Attention
Milestone:	-

[jsntcy]

@amirkeren, could you please help check if it's an inconsistency issue between swagger and service?

[amirkeren]

Hi @jsntcy, I was notified by the product group that they do not handle issues via github.
Please open a ticket with support.
Thanks.

[jsntcy]

Got it, thanks.
@SwathiDhanwada-MSFT, could you please help open a ticket with support for this issue?

[SwathiDhanwada-MSFT]

@gu1llaume-b Can you please raise support ticket as requested ?