Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
981 questions
CloudWatch ASIM Parser
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 24%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
LS
10
Reputation points
I have successfully connected AWS CloudWatch to Sentinel, and I am receiving events from multiple log groups. However, I am facing an issue with parsing the events, particularly with the 'Message' field that is in JSON format. Currently, the 'Message' field is parsed only when it contains a single JSON object; otherwise, it is not parsed. How can I resolve this to ensure that all data in the 'Message' fields is parsed? If I need to use ASIM (Azure Sentinel Integration Module), is there a pre-existing one that I can use, or do I need to create a new custom module?
{count} vote
-
Akshay-MSFT 16,026 Reputation points Microsoft Employee2024-01-17T13:22:51.6033333+00:00 @LS
Thank you for posting your query on Microsoft Q&A. I am reviewing this and will get back to you with further inputs. Thanks, Akshay Kaushik -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 49%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Monika Sharma 0 Reputation points2024-03-11T10:55:27.48+00:00 Is there any update on this query. We are also facing the same issue.
Sign in to comment