@@ -19,6 +19,21 @@ function Invoke-CippWebhookProcessing {
1919 return
2020 }
2121
22+ # Immediately claim this event ID to prevent concurrent workers from processing the same event.
23+ # Uses Insert (no -Force) so a 409 conflict means another worker already claimed it.
24+ # -ErrorAction Stop ensures non-terminating errors enter the catch block.
25+ try {
26+ Add-CIPPAzDataTableEntity @AuditLogTable - Entity @ {
27+ PartitionKey = $TenantFilter
28+ RowKey = $Data.Id
29+ Title = ' Processing'
30+ Tenant = $TenantFilter
31+ } - ErrorAction Stop
32+ } catch {
33+ Write-Host " Audit log $ ( $Data.Id ) already claimed by another worker. Skipping."
34+ return
35+ }
36+
2237 $Tenant = Get-Tenants - IncludeErrors | Where-Object { $_.defaultDomainName -eq $TenantFilter }
2338 Write-Host " Received data. Our Action List is $ ( $Data.CIPPAction ) "
2439
@@ -93,15 +108,15 @@ function Invoke-CippWebhookProcessing {
93108 AlertComment = $AlertComment
94109 } | ConvertTo-Json - Depth 15 - Compress
95110
96- $CIPPAlert = @ {
97- Type = ' table'
98- Title = $GenerateJSON.Title
99- JSONContent = $JsonContent
100- TenantFilter = $TenantFilter
101- TableName = ' AuditLogs'
111+ # Update the sentinel row claimed earlier with full audit log data
112+ Add-CIPPAzDataTableEntity @AuditLogTable - Entity @ {
113+ PartitionKey = $TenantFilter
102114 RowKey = $Data.Id
103- }
104- $LogId = Send-CIPPAlert @CIPPAlert
115+ Title = $GenerateJSON.Title
116+ Data = [string ]$JsonContent
117+ Tenant = $TenantFilter
118+ } - Force
119+ $LogId = $Data.Id
105120
106121 $AuditLogLink = ' {0}/tenant/administration/audit-logs/log?logId={1}&tenantFilter={2}' -f $CIPPURL , $LogId , $Tenant.defaultDomainName
107122 $GenerateEmail = New-CIPPAlertTemplate - format ' html' - data $Data - ActionResults $ActionResults - CIPPURL $CIPPURL - Tenant $Tenant.defaultDomainName - AuditLogLink $AuditLogLink - AlertComment $AlertComment
0 commit comments