Commit 6bc2a9c

Formats
1 parent 22c6ed8 commit 6bc2a9c

2 files changed

+5
-5
lines changed

articles/sentinel/cloudwatch-lambda-function.md

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ ms.date: 02/09/2023
1111

1212
# Create a Lambda function to send CloudWatch events to an S3 bucket
1313

14-
In some cases, your CloudWatch logs may not match the format accepted by Microsoft Sentinel - gzipped CSV format without a header. In this article, you use a [lambda function](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/CloudWatchLanbdaFunction.py) within the Amazon Web Services (AWS) environment to send [CloudWatch events to an S3 bucket](connect-aws.md), and convert the format to the accepted format.
14+
In some cases, your CloudWatch logs may not match the format accepted by Microsoft Sentinel - gzipped file in a CSV format without a header. In this article, you use a [lambda function](https://github.com/Azure/Azure-Sentinel/blob/master/DataConnectors/AWS-S3/CloudWatchLanbdaFunction.py) within the Amazon Web Services (AWS) environment to send [CloudWatch events to an S3 bucket](connect-aws.md), and convert the format to the accepted format.
1515

1616
## Create the lambda function
1717
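Review bot: The new wording on line 14, "gzipped file in a CSV format without a header", does not match the wording this same commit uses for the same requirement in connect-aws.md ("gzipped file in CSV format without a header", no article). Pick one phrasing for both files, for example "a gzipped CSV file without a header", so a reader comparing the two articles does not wonder whether they describe different formats. The spaced hyphen before the format description is doing the job of a colon; "accepted by Microsoft Sentinel: a gzipped CSV file without a header" would read more cleanly. While this line is being touched, it is also worth confirming that the linked file name `CloudWatchLanbdaFunction.py` ("Lanbda") is the actual path in the repository and not a typo that breaks the link.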

articles/sentinel/connect-aws.md

Lines changed: 4 additions & 4 deletions
@@ -30,10 +30,10 @@ This article explains how to configure the new AWS S3 connector. The process of
3030

3131
Make sure that the logs from your selected AWS service use the format accepted by Microsoft Sentinel:
3232

33-
- **Amazon VPC**: gzip csv with headers, delimiter: space
34-
- **Amazon GuardDuty**: json-line and gzip
35-
- **AWS CloudTrail**: gzip json
36-
- **CloudWatch**: zipped CSV format without a header. If you need to convert your logs to this format, you can use this [CloudWatch lambda function](cloudwatch-lambda-function.md).
33+
- **Amazon VPC**: .csv file in GZIP format with headers; delimiter: space.
34+
- **Amazon GuardDuty**: json-line and GZIP formats.
35+
- **AWS CloudTrail**: .json file in GZIP format.
36+
- **CloudWatch**: gzipped file in CSV format without a header. If you need to convert your logs to this format, you can use this [CloudWatch lambda function](cloudwatch-lambda-function.md).
3737

3838
## Connect the S3 connector
3939
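Review bot: The GuardDuty bullet on line 34, "json-line and GZIP formats", now reads as two separate accepted formats, where the other three bullets each describe one file type plus gzip compression. If the intent is a JSON Lines file compressed with gzip, phrase it like its siblings, for example "json-line file in GZIP format". The four bullets also mix two styles: ".csv file in GZIP format" and ".json file in GZIP format" for VPC and CloudTrail, but "gzipped file in CSV format" for CloudWatch; making them parallel would help readers who are checking their export settings against this list. Separately, the CloudWatch bullet changes "zipped" to "gzipped", which is a correction of the stated format and not only a style edit, so the commit message should say so.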
