Forum Discussion
MS Sentinel is unable to show outbound traffic malicious incidents for AWS Data Connector
Hi community,
We are unable to detect outbound malicious traffic coming from AWS. AWSVPCFLOW does not have the malicious IP details. We are using the AWS S3 connector that is available in Sentinel for AWS connectivity. We are sending detailed flow logs to Sentinel.
But we can see our servers are communicating with malicious IP addresses reported by Threat Intelligence.
We have contacted Microsoft Support multiple times, and they are repeatedly saying that it is not the fault of Sentinel; it's working as expected.
This table does not have malicious IP details. AWS never reports malicious IP addresses.
No option found where we can customize the built-in query for outbound events. How can we add a join for AWSVPCFLOW to communicate with the tables that have malicious IP details?
Please paste the required details if any.
Thanks
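One way to write the join asked about above, as an added example that is not part of the original post and not a Microsoft-supplied rule: a custom scheduled analytics query that matches outbound flow destinations against active IP indicators. It assumes the indicators are ingested into the `ThreatIntelligenceIndicator` table and that the flow table exposes the `DstAddr`, `SrcAddr`, `Action` and `FlowDirection` columns; the look-back windows are illustrative values.

```kql
// Added example: correlate AWS VPC flow logs with threat intelligence indicators.
// Table and column names are assumptions; adjust them to the workspace schema.
let flowLookback = 1h;       // assumed window, align with the rule schedule
let indicatorLookback = 14d; // assumed window for indicator records
let ActiveIpIndicators =
    ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(indicatorLookback)
    // Keep only the latest record for each indicator
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | where Active == true and ExpirationDateTime > now()
    // An indicator may carry its IP in any of these fields
    | extend IndicatorIp = coalesce(NetworkIP, NetworkDestinationIP, NetworkSourceIP)
    | where isnotempty(IndicatorIp)
    // Private ranges cannot be a meaningful outbound match
    | where not(ipv4_is_private(IndicatorIp))
    | project IndicatorIp, IndicatorId, ThreatType, ConfidenceScore, Description;
ActiveIpIndicators
| join kind=innerunique (
    AWSVPCFlow
    | where TimeGenerated >= ago(flowLookback)
    // Only traffic that was actually allowed
    | where Action == "ACCEPT"
    // FlowDirection is only present in detailed (custom format) flow logs
    | where FlowDirection =~ "egress" or isempty(FlowDirection)
    | project FlowTime = TimeGenerated, AccountId, VpcId, InterfaceId,
              SrcAddr, DstAddr, DstPort, Protocol, Bytes, Packets
) on $left.IndicatorIp == $right.DstAddr
| summarize FirstSeen = min(FlowTime), LastSeen = max(FlowTime),
            TotalBytes = sum(Bytes), FlowCount = count()
    by AccountId, VpcId, InterfaceId, SrcAddr, DstAddr, DstPort,
       IndicatorId, ThreatType, ConfidenceScore, Description
| order by LastSeen desc
```

Saved as a scheduled analytics rule with `SrcAddr` and `DstAddr` mapped as IP entities, a query of this shape raises incidents from the flow table without changing the connector.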