Open shaunyb93 opened 6 days ago
Hi @shaunyb93, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates. Thanks!
Hi @shaunyb93, Do you have any testing env with you? so if required we can check some changes with you. Thanks!
Hi @v-sudkharat I don't have any testing environment, only production Cisco Umbrella and Azure Sentinel instances Thanks
Hi,
We are using Data Connector "Cisco Umbrella (using Azure Functions)". It appears that Intrusion Prevention Logs are not being ingested due to misalignment of the Azure Function code
I believe the Azure Function is looking for a folder in the S3 bucket called "ip" however this folder is "intrusionlogs" as per https://docs.umbrella.com/umbrella-user-guide/docs/log-format-and-versioning
This means that IPS traffic events are not being ingested by the connector and the datasource shows as disconnected:
Please can this be looked into?
Thanks Shaun