Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

AWS CloudTrail events missing

Brass Contributor

I've connected our AWS to Sentinel and events are being ingested but there seem to be missing events that I can see in CloudTrail and not in Sentinel.

 

Anybody experienced this before?

3 Replies

@endakelly

 

Do you have some examples?  That would help the team answer or track why they are missing.

best response confirmed by endakelly (Brass Contributor)
Solution

@CliveWatson Think I've realised the problem. I've connected our org account to Sentinel and I assumed the logs from the sub-accounts would also flow in but you need to add the connector for each sub-account separately.

 

My bad :D

No problem, glad you sorted it ;)
1 best response

Accepted Solutions
best response confirmed by endakelly (Brass Contributor)
Solution

@CliveWatson Think I've realised the problem. I've connected our org account to Sentinel and I assumed the logs from the sub-accounts would also flow in but you need to add the connector for each sub-account separately.

 

My bad :D

View solution in original post