Errors observed in the JumpCloud Function App #11695

Open
HotdogAndBaloney314 opened this issue Jan 21, 2025 · 20 comments

@HotdogAndBaloney314

Hi Team,

We've recently used the JumpCloud data connector available in this repository. Logs are now flowing in to Microsoft Sentinel. However, we're seeing 2 errors in the log stream. See below:

Error 1:
2025-01-08T13:10:20Z [Warning] Error response [ea143ec5-5517-4b81-91df-563cdbbe1b0f] 409 The specified container already exists. (00.0s) Server:Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id:f8127057-d01e-0011-7fce-612bae000000 x-ms-client-request-id:ea143ec5-5517-4b81-91df-563cdbbe1b0f x-ms-version:2023-11-03 x-ms-error-code:ContainerAlreadyExists Date:Wed, 08 Jan 2025 13:10:19 GMT Content-Length:230 Content-Type:application/xml

Error 2:
2025-01-21T11:35:07Z [Error] ERROR: Cannot find an overload for "ToString" and the argument count: "1". Exception : Type : System.Management.Automation.MethodException ErrorRecord : Exception : Type : System.Management.Automation.ParentContainsErrorRecordException Message : Cannot find an overload for "ToString" and the argument count: "1". HResult : -2146233087 CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException FullyQualifiedErrorId : MethodCountCouldNotFindBest InvocationInfo : ScriptLineNumber : 136 OffsetInLine : 9 HistoryId : 1 ScriptName : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 Line : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') Statement : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') PositionMessage : At C:\home\site\wwwroot\JCQueueTrigger1\run.ps1:136 char:9 + $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PSScriptRoot : C:\home\site\wwwroot\JCQueueTrigger1 PSCommandPath : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 CommandOrigin : Internal ScriptStackTrace : at , C:\home\site\wwwroot\JCQueueTrigger1\run.ps1: line 136 TargetSite : System.Object CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.String) Message : Cannot find an overload for "ToString" and the argument count: "1". 
Source : Anonymously Hosted DynamicMethods Assembly HResult : -2146233087 StackTrace : at CallSite.Target(Closure, CallSite, Object, String) at System.Dynamic.UpdateDelegates.UpdateAndExecute2[T0,T1,TRet](CallSite site, T0 arg0, T1 arg1) at CallSite.Target(Closure, CallSite, Object, String) at (Closure, FunctionContext) CategoryInfo : NotSpecified: (:) [], MethodException FullyQualifiedErrorId : MethodCountCouldNotFindBest InvocationInfo : ScriptLineNumber : 136 OffsetInLine : 9 HistoryId : 1 ScriptName : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 Line : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') Statement : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') PositionMessage : At C:\home\site\wwwroot\JCQueueTrigger1\run.ps1:136 char:9 + $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PSScriptRoot : C:\home\site\wwwroot\JCQueueTrigger1 PSCommandPath : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 CommandOrigin : Internal ScriptStackTrace : at , C:\home\site\wwwroot\JCQueueTrigger1\run.ps1: line 136
2025-01-21T11:35:07Z [Error] ERROR: Cannot find an overload for "ToString" and the argument count: "1". Exception : Type : System.Management.Automation.MethodException ErrorRecord : Exception : Type : System.Management.Automation.ParentContainsErrorRecordException Message : Cannot find an overload for "ToString" and the argument count: "1". HResult : -2146233087 CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException FullyQualifiedErrorId : MethodCountCouldNotFindBest InvocationInfo : ScriptLineNumber : 136 OffsetInLine : 9 HistoryId : 1 ScriptName : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 Line : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') Statement : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') PositionMessage : At C:\home\site\wwwroot\JCQueueTrigger1\run.ps1:136 char:9 + $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PSScriptRoot : C:\home\site\wwwroot\JCQueueTrigger1 PSCommandPath : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 CommandOrigin : Internal ScriptStackTrace : at , C:\home\site\wwwroot\JCQueueTrigger1\run.ps1: line 136 TargetSite : System.Object CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.String) Message : Cannot find an overload for "ToString" and the argument count: "1". 
Source : Anonymously Hosted DynamicMethods Assembly HResult : -2146233087 StackTrace : at CallSite.Target(Closure, CallSite, Object, String) at (Closure, FunctionContext) CategoryInfo : NotSpecified: (:) [], MethodException FullyQualifiedErrorId : MethodCountCouldNotFindBest InvocationInfo : ScriptLineNumber : 136 OffsetInLine : 9 HistoryId : 1 ScriptName : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 Line : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') Statement : $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM-ddThh:mm:ssZ') PositionMessage : At C:\home\site\wwwroot\JCQueueTrigger1\run.ps1:136 char:9 + $LastRecordTimestamp = $LastRecordTimeStamp.ToString('yyyy-MM … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PSScriptRoot : C:\home\site\wwwroot\JCQueueTrigger1 PSCommandPath : C:\home\site\wwwroot\JCQueueTrigger1\run.ps1 CommandOrigin : Internal ScriptStackTrace : at , C:\home\site\wwwroot\JCQueueTrigger1\run.ps1: line 136

We've already updated the runtime and the PowerShell Core version to ~4 and 7.4 respectively based on the recommendation from this link -- #11535

To Reproduce

  1. Go to 'Log Streams' in the Function App and monitor for a few minutes for the errors to appear.

Expected behavior
I am expecting to not see any errors within the log streams and the functions

Screenshots

Additionally, is it possible to set the logging level of the function app triggers? We're getting a high number of logs into the AppTraces table -- as I understand it, it's possible to edit the host.json file to add a line to specify the logging level (https://learn.microsoft.com/en-us/azure/azure-functions/configure-monitoring?tabs=v2).

Hoping for your kind response, thank you!

@v-sudkharat v-sudkharat self-assigned this Jan 22, 2025
@v-sudkharat v-sudkharat added the Connector Connector specialty review needed label Jan 22, 2025
@v-sudkharat
Contributor

Hi @JustineTheHacker, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!

@v-sudkharat
Contributor

Hi @JustineTheHacker,
Based on the error message you've shared, it appears that the value for $LastRecordTimestamp might not be consistent or is not in the correct format. Updated the script to handle this.
Could you please test the updated script in your Testing environment and let us know if the error still appears in the log stream? Unfortunately, we don't have the log flow in our environment, so your testing would be greatly appreciated.

Below is the updated zip link:
https://github.com/Azure/Azure-Sentinel/raw/8334b2101266782ae75b6f910a7b2deeb58d7d29/DataConnectors/JumpCloud%20Single%20Sign%20On/AzureFunctionJumpCloud/JumpCloudSSO.zip

Go to your function app, and update the above link in WEBSITE_RUN_FROM_PACKAGE:

Image

We have tested with available data and could not get any Error in a Log Stream :

Image

Thanks!

@v-sudkharat
Contributor

@JustineTheHacker, Waiting for your response on above comment. Thanks!

@HotdogAndBaloney314
Author

Hi @v-sudkharat ,

We have now tested this -- however, we've seen a drastic reduction in the logs being fed to Sentinel (which is strangely unusual).

@v-sudkharat
Contributor

@JustineTheHacker, Thank you for the response. We will check the connector behavior with the connector author.
Meantime, could you please share the logs with us -
a. Before updating the function app zip.
b. After updating function app zip.
It will help us analyze the received logs of different scenarios.
Email ID - [email protected]

We request that, if you have already tested it in your production function app and not in a lab test environment, you update the website run from package link to the old one, as this will help ensure no logs are missed.
Old link - https://aka.ms/sentinel-Jumpcloud-functionapp

If you are still testing in a lab environment, we recommend keeping the change in place and allowing more time to see if it reduces the logs. Additionally, please check whether you are encountering the same error in the log stream as seen in the preview.

Additionally, we would also like to request that you verify the logs in the JumpCloud console to ensure that the logs being received in Sentinel are the same.

Thanks!

@v-sudkharat
Contributor

@JustineTheHacker, could you please verify and let us know whether, in the deployment of the new function app in which the logs are reduced, the value for the JumpCloud Event Types is the same as it was previously?

Image

A change in the event type value may also be the reason for it.

@HotdogAndBaloney314
Author

Hi @v-sudkharat,

I presume it still is. We didn't change anything aside from the WEBSITE_RUN_FROM_PACKAGE link. Unfortunately, we won't be able to provide any logs from our end for confidentiality purposes. Would it be better to delete the old function app, and redeploy a new one using the new package you provided?

Kind Regards

@HotdogAndBaloney314
Author

Hi @v-sudkharat ,

I have checked the event types and we're still getting the same event types (though at a much lower rate).

Kind Regards

@v-sudkharat
Contributor

Hi @JustineTheHacker, instead of deleting the function app, we recommend simply restarting the function app after updating the WEBSITE_RUN_FROM_PACKAGE link.

Answering your question - we've seen a drastic reduction in the logs being fed to Sentinel (which is strangely unusual):

We tested the concern you shared with two different scenarios, deploying two function apps in different environments to verify if there’s any reduction in logs after updating the function app.

In our JumpCloud console we have a total event count of 26 logs:

Image

  1. Function App Deployment in Workspace 1 (No Changes):

    • We deployed the function app in our workspace without making any changes:
      Image

    a. After deployment, we monitored the Log Stream for errors but observed no errors, except for a warning message related to
    the storage account:
    Image

    b. In Sentinel workspace, we checked the log results:
    Image

    Image

  2. Function App Deployment in Workspace 2 (With WebsiteRunFromPackage Link Change):

    • We deployed the function app in Workspace 2 after changing the WebsiteRunFromPackage link:
      Image

    a. After deployment, we again monitored the Log Stream for errors and saw no errors except for the storage account warning:
    Image

    b. In Sentinel workspace, we checked the log results:
    Image

    Image

In both workspaces, we observed no reduction in the log count. The logs remained consistent.

Thanks!

@HotdogAndBaloney314
Author

Hi @v-sudkharat ,

One thing I've noticed when using the previous script was there were a lot of logs being duplicated -- so it might be what caused the log reduction. I've seen more errors in the "AppTraces" table -- I will send it to your email for analysis.

Kind Regards

@HotdogAndBaloney314
Author

Hi @v-sudkharat ,

I've sent the errors to your email ID [email protected]. Hoping for your response. Thank you!

Kind Regards

@v-sudkharat
Contributor

@HotdogAndBaloney314, Received your mail, but the attachment has been blocked by ORG, could you please resend or send it with imp.
Thanks!

@v-sudkharat
Contributor

Hi @HotdogAndBaloney314, Did you validate the count of logs in JumpCloud and function app logs as mentioned above?
And waiting for your app trace mail
Thanks!

@HotdogAndBaloney314
Author

Hi @v-sudkharat ,
I have resent the file, can you check please? And yes, the logs have indeed gone down per checking.

Kind Regards,
Justine

@v-sudkharat
Contributor

@HotdogAndBaloney314, Waiting for Timestamp values. Thanks!

@HotdogAndBaloney314
Author

HotdogAndBaloney314 commented Feb 19, 2025 via email

@HotdogAndBaloney314
Author

Hi,

I'm still waiting for this information from our customer. I will update you
as soon as I get it.

Kind regards

@HotdogAndBaloney314
Author

HotdogAndBaloney314 commented Feb 21, 2025 via email

@v-sudkharat
Contributor

Hi @HotdogAndBaloney314,
Thanks for sharing the Timestamp values.
Made the changes. Kindly update the WebsiteRunFromPackage link with the one below and restart the function app:
https://github.com/Azure/Azure-Sentinel/raw/a113a75974a130031ae3fe6d3f0799c28c029b52/DataConnectors/JumpCloud%20Single%20Sign%20On/AzureFunctionJumpCloud/JumpCloudSSO.zip

Note that the timestamp values should follow the format shared above: 2025-02-19T12:49:40.710299497Z.
If the timestamp values are in an encrypted format, the function will throw an error for those fields.

Thanks!
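
The timestamp handling discussed in this thread, as an added example that is not part of the original comments or of the connector's run.ps1: a PowerShell helper that accepts the 2025-02-19T12:49:40.710299497Z format quoted above, tolerates input that is not a [datetime], and raises a clear error for values it cannot parse. The function name ConvertTo-CheckpointTimestamp and the choice to take the last element of an array are assumptions made for illustration.

```powershell
# Added example. ConvertTo-CheckpointTimestamp is a hypothetical helper,
# not a function from the connector's run.ps1.
function ConvertTo-CheckpointTimestamp {
    param(
        [Parameter(Mandatory)]
        [object] $Value
    )

    # An array (several records' timestamps selected at once) has no
    # ToString(format) overload. Assumption: the newest record is last.
    if ($Value -is [array]) { $Value = $Value[-1] }

    if ($Value -is [datetime]) {
        # Unspecified-kind values are treated as local time by ToUniversalTime().
        $utc = $Value.ToUniversalTime()
    }
    else {
        # DateTime resolves 100 ns (7 fractional digits); trim anything finer
        # so parsing does not depend on how the runtime treats extra digits.
        $text = ([string]$Value).Trim() -replace '(\.\d{7})\d+', '$1'
        $styles = [System.Globalization.DateTimeStyles]::AssumeUniversal -bor
                  [System.Globalization.DateTimeStyles]::AdjustToUniversal
        $utc = [datetime]::MinValue
        $ok = [datetime]::TryParse(
            $text, [cultureinfo]::InvariantCulture, $styles, [ref]$utc)
        if (-not $ok) {
            throw "Unparsable timestamp (length $($text.Length)); value not logged."
        }
    }

    # HH is the 24-hour clock. With hh, 13:10:20 would be written as 01:10:20.
    $utc.ToString('yyyy-MM-ddTHH:mm:ssZ', [cultureinfo]::InvariantCulture)
}

# Constructed inputs; the first uses the format quoted in the comment above.
$samples = @(
    '2025-02-19T12:49:40.710299497Z',
    [datetime]::new(2025, 1, 8, 13, 10, 20, [System.DateTimeKind]::Utc),
    @('2025-02-19T12:49:39Z', '2025-02-19T12:49:40.710299497Z'),
    'bm90LWEtdGltZXN0YW1w'
)
foreach ($s in $samples) {
    try { ConvertTo-CheckpointTimestamp -Value $s }
    catch { Write-Warning $_.Exception.Message }
}
```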

@v-sudkharat
Contributor

@HotdogAndBaloney314, Did you get a chance to check on above comment?
