AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

CloudTrail events do not appear on Microsoft Sentinel

0

My organization is ingesting its CloudTrail logs into a Sentinel workspace. I recently updated our current LogTrail by adding S3 in the data events but when I performed some specific operations to test, like "CopyObject", they do not appear on Sentinel. We use the legacy connector and expected that we would be able to see such events

주제
관리 및 거버넌스AWS Well-Architected 프레임워크
태그
AWS CloudTrail보안
언어
English
Nov
질문됨 7달 전261회 조회
1개 답변
0

Here some ideas to dig for the root cause.

  • Make sure you update the AWS CloudTrail connector configuration in Azure Sentinel to account for these changes.
  • Ensure that S3 data events are enabled and configured in your CloudTrail settings.
  • Check if the specific "CopyObject" events are included in the CloudTrail logs you are sending to Azure Sentinel. These events might be categorized differently or may have specific attributes that need to be parsed and queried.
  • Check for any errors or issues related to log ingestion. You may need to troubleshoot and resolve any connectivity problems.
nitin babariya
답변함 6달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠