CloudWatch ASIM Parser
LS (25 Reputation points)
I have successfully connected AWS CloudWatch to Sentinel, and I am receiving events from multiple log groups. However, I am facing an issue with parsing the events, particularly with the 'Message' field that is in JSON format. Currently, the 'Message' field is parsed only when it contains a single JSON object; otherwise, it is not parsed. How can I resolve this to ensure that all data in the 'Message' fields is parsed? If I need to use ASIM (Azure Sentinel Integration Module), is there a pre-existing one that I can use, or do I need to create a new custom module?
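As an added example that is not part of LS's post or of any Microsoft-supplied parser, the KQL below handles a `Message` field in each of the shapes the question describes: a single JSON object, a JSON array, and a string that is not valid JSON as a whole (assumed here to be newline-delimited objects). The sample rows are constructed, the CloudTrail-style field names are assumptions, and in Sentinel the `Sample` datatable would be replaced by the CloudWatch table that holds the `Message` column.

```kql
// Added example, not from the original post. Sample messages are constructed.
let Sample = datatable(LogGroup:string, Message:string) [
    'cloudtrail', '{"eventName":"ConsoleLogin","sourceIPAddress":"198.51.100.7"}',
    'cloudtrail', '[{"eventName":"AssumeRole","sourceIPAddress":"198.51.100.8"},{"eventName":"CreateUser","sourceIPAddress":"198.51.100.9"}]',
    'lambda',     '{"eventName":"Invoke","sourceIPAddress":"203.0.113.5"}\n{"eventName":"Invoke","sourceIPAddress":"203.0.113.6"}'
];
Sample
// parse_json returns a dictionary, an array, or (when the text is not valid JSON) the original string
| extend Parsed = parse_json(Message)
| extend Records = case(
    gettype(Parsed) == "array",      Parsed,                 // already a list of objects
    gettype(Parsed) == "dictionary", pack_array(Parsed),     // single object: wrap so one path handles both
    split(Message, "\n"))                                    // assumption: concatenated objects are newline-delimited
| mv-expand Record = Records
// elements that came from split() are still strings and need their own parse_json
| extend Record = iff(gettype(Record) == "string", parse_json(tostring(Record)), Record)
// anything that still is not an object is unparseable and should be investigated, not silently dropped
| extend ParseFailed = gettype(Record) != "dictionary"
| project LogGroup,
          ParseFailed,
          EventName = tostring(Record.eventName),
          SourceIP  = tostring(Record.sourceIPAddress)
```

Rows with `ParseFailed == true` show which log groups emit a message layout the parser does not yet understand, which is the check to run before mapping the output onto ASIM fields.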