Jan 10 2024 12:29 PM
Currently have a custom data table setup to ingest our AWS WAF logs. It is ingesting an enormous amount of data and I need a way to reduce this for the sake of cost. Is it possible to accomplish this with a Data Collection Rule? Do I need to configure a Data Collection Endpoint?
Appreciate any insight.
Jan 12 2024 02:04 AM
Jan 15 2024 02:11 AM
Jan 16 2024 07:01 AM
Jan 16 2024 07:12 AM
If you go from Sentinel --> Settings --> Workspace settings. Then look at [tables] if they are (classic) then you are NOT on the right API. Select "edit schema" to get more info
Jan 16 2024 07:40 AM
Here's what I see when I follow those steps and look up the table I want to trim down. I don't see that it's classic.