CloudTrail events do not appear on Microsoft Sentinel

Here some ideas to dig for the root cause.

• Make sure you update the AWS CloudTrail connector configuration in Azure Sentinel to account for these changes.
• Ensure that S3 data events are enabled and configured in your CloudTrail settings.
• Check if the specific "CopyObject" events are included in the CloudTrail logs you are sending to Azure Sentinel. These events might be categorized differently or may have specific attributes that need to be parsed and queried.
• Check for any errors or issues related to log ingestion. You may need to troubleshoot and resolve any connectivity problems.