All Apps and Add-ons

MS Azure Add-on (TA-MS-AAD) "TypeError: '>' not supported between instances of 'str' and 'NoneType'"

samejgink
Explorer

Using Microsoft Azure Add-on for Splunk v 3.0.0, have successfully gotten events from AD & Event Hub and now we are now attempting to get Security Center Alerts & Tasks but we're getting the following stack trace:

 

 

2020-12-09 22:24:55,806 ERROR pid=31658 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_ms_aad/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_security_center_input.py", line 88, in collect_events
    input_module.collect_events(self, ew)
  File "/opt/splunk/etc/apps/TA-MS-AAD/bin/input_module_azure_security_center_input.py", line 83, in collect_events
    if (this_changedTime > max_asc_task_date):
TypeError: '>' not supported between instances of 'str' and 'NoneType'

 

 

Our app has "Reader" permissions in Azure which fixed a 403 error before we got to this point, and its very likely that this error is related to a permission setting somewhere in Azure (potentially similar to this solved question). This error is only happening for Security TASKs, though we are not getting any events for Security Alerts either when one is enabled and the other is disabled.

Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more with ITSI’s ...

Accelerate Service Onboarding, Decomposition, Troubleshooting - and more!  Faster Time to Value Managing and ...

New Release | Splunk Enterprise 9.3

Admins and Analyst can benefit from:  Seamlessly route data to your local file system to save on storage ...

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...