When I enable the Sentinel Connector for AWS S3, there are 3 built-in tables to select from: CloudTrail, GuardDuty, and VPCFlowLogs.
What Tables to use when enabling AWS WAF, CloudFront, Sign-in etc. logs in S3 buckets to flow into Sentinel?
There are 3 built-in SQS types: CloudTrail, GuardDuty, and VPCFlowLogs to select from. Is it best to use 1 simple SQS for all types of logs in the one SIEM account S3 bucket and CloudTrail, ..., types of logs subsequent S3 buckets?