I've connected our AWS to Sentinel and events are being ingested but there seem to be missing events that I can see in CloudTrail and not in Sentinel.
Anybody experienced this before?
View best response
Do you have some examples? That would help the team answer or track why they are missing.
@Clive Watson Think I've realised the problem. I've connected our org account to Sentinel and I assumed the logs from the sub-accounts would also flow in but you need to add the connector for each sub-account separately.
My bad :D