May 05 2020 03:15 AM
I've connected our AWS to Sentinel and events are being ingested but there seem to be missing events that I can see in CloudTrail and not in Sentinel.
Anybody experienced this before?
View best response
May 05 2020 06:45 AM
@endakelly
Do you have some examples? That would help the team answer or track why they are missing.
May 05 2020 08:58 AM
@CliveWatson Think I've realised the problem. I've connected our org account to Sentinel and I assumed the logs from the sub-accounts would also flow in but you need to add the connector for each sub-account separately.
My bad :D
May 05 2020 09:10 AM
