Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

Cisco Umbrella (using Azure Functions) connector for Microsoft Sentinel not ingesting intrusionlogs #11204

Open shaunyb93 opened 6 days ago

shaunyb93 commented 6 days ago

Hi,

We are using the Data Connector "Cisco Umbrella (using Azure Functions)". It appears that Intrusion Prevention Logs are not being ingested due to a misalignment in the Azure Function code.

I believe the Azure Function is looking for a folder in the S3 bucket called "ip"; however, this folder is "intrusionlogs" as per https://docs.umbrella.com/umbrella-user-guide/docs/log-format-and-versioning

This means that IPS traffic events are not being ingested by the connector and the data source shows as disconnected.

Please can this be looked into?

Thanks,
Shaun
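An added diagnostic to illustrate the mismatch described above; this is example code written for this page, not the connector's Azure Function or any Cisco/Microsoft code. It tallies the top-level folders in a bucket listing and compares them with the prefixes a collector is configured to poll, reporting prefixes that are polled but empty and folders that hold data but are never read. The object keys, the folder names other than "intrusionlogs" and "ip", and the configured prefix list are constructed for the demo.

```python
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample listing of S3 object keys, imitating a bucket laid out as
# one folder per log type with a date folder beneath. "intrusionlogs" is the
# folder name the issue cites from the Umbrella docs; the other names are
# illustrative and may not match a real export bucket.
SAMPLE_KEYS = [
    "dnslogs/2024-06-01/2024-06-01-00-00-0001.csv.gz",
    "dnslogs/2024-06-01/2024-06-01-00-10-0002.csv.gz",
    "proxylogs/2024-06-01/2024-06-01-00-00-0001.csv.gz",
    "intrusionlogs/2024-06-01/2024-06-01-00-00-0001.csv.gz",
    "intrusionlogs/2024-06-01/2024-06-01-00-10-0002.csv.gz",
    "README.txt",  # an object with no folder prefix; must not break the tally
]

# Hypothetical list of folder prefixes a collector polls. The issue reports
# that the connector looks for "ip" while the bucket contains "intrusionlogs";
# this list reproduces that mismatch for the demonstration.
CONFIGURED_PREFIXES = ["dnslogs", "proxylogs", "ip"]


def top_level_folder(key: str) -> str:
    """Return the first path component of an S3 key, or "" if it has none."""
    folder, sep, _ = key.partition("/")
    return folder if sep else ""


def count_objects_per_folder(keys: Iterable[str]) -> Dict[str, int]:
    """Count objects under each top-level folder of a bucket listing."""
    counts: Counter = Counter()
    for key in keys:
        folder = top_level_folder(key)
        if folder:  # skip objects that sit at the bucket root
            counts[folder] += 1
    return dict(counts)


def find_prefix_mismatches(
    keys: Iterable[str], configured: Iterable[str]
) -> Tuple[List[str], List[str]]:
    """
    Compare the folders present in the bucket with the configured prefixes.

    Returns (empty_configured, unconfigured_present):
      empty_configured     - configured prefixes with no objects; the collector
                             polls them but will never find data there
      unconfigured_present - folders that hold objects but that no configured
                             prefix covers; that data is never read
    """
    counts = count_objects_per_folder(keys)
    configured_set = set(configured)
    empty_configured = sorted(p for p in configured_set if counts.get(p, 0) == 0)
    unconfigured_present = sorted(f for f in counts if f not in configured_set)
    return empty_configured, unconfigured_present


def main() -> None:
    counts = count_objects_per_folder(SAMPLE_KEYS)
    empty, unread = find_prefix_mismatches(SAMPLE_KEYS, CONFIGURED_PREFIXES)
    for folder, n in sorted(counts.items()):
        print(f"{folder:15} {n} object(s)")
    print("configured but empty     :", empty)   # ['ip']
    print("present but not collected:", unread)  # ['intrusionlogs']


if __name__ == "__main__":
    main()
```

Run against a real listing (for example the keys returned by an S3 list call) in place of SAMPLE_KEYS; a non-empty "present but not collected" list is the condition that leaves a data source showing as disconnected even though logs are arriving in the bucket.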

v-sudkharat commented 6 days ago

Hi @shaunyb93, thanks for flagging this issue. We will investigate it and get back to you with some updates. Thanks!

v-sudkharat commented 6 hours ago

Hi @shaunyb93, do you have a testing environment? If required, we can check some changes with you. Thanks!

shaunyb93 commented 5 hours ago

Hi @v-sudkharat, I don't have any testing environment, only production Cisco Umbrella and Azure Sentinel instances. Thanks