All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

MS Azure Add-on (TA-MS-AAD) "TypeError: '>' not supported between instances of 'str' and 'NoneType'"

samejgink
Explorer
‎12-09-2020 08:49 PM

Using Microsoft Azure Add-on for Splunk v 3.0.0, have successfully gotten events from AD & Event Hub and now we are now attempting to get Security Center Alerts & Tasks but we're getting the following stack trace:

 

 

2020-12-09 22:24:55,806 ERROR pid=31658 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/TA-MS-AAD/bin/ta_ms_aad/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "/opt/splunk/etc/apps/TA-MS-AAD/bin/azure_security_center_input.py", line 88, in collect_events
    input_module.collect_events(self, ew)
  File "/opt/splunk/etc/apps/TA-MS-AAD/bin/input_module_azure_security_center_input.py", line 83, in collect_events
    if (this_changedTime > max_asc_task_date):
TypeError: '>' not supported between instances of 'str' and 'NoneType'

 

 

Our app has "Reader" permissions in Azure which fixed a 403 error before we got to this point, and its very likely that this error is related to a permission setting somewhere in Azure (potentially similar to this solved question). This error is only happening for Security TASKs, though we are not getting any events for Security Alerts either when one is enabled and the other is disabled.

Labels (1)
Labels
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...