, Congrats, we experienced the same struggles. We do receive Security Center Logs. The events are partially parsed in a proper way. Lots of crucial data is 'summarized' in cs1-5 fields. That is why we wanted to change the .map files like the config guide describes in my previous post. We noticed that when the .map files are altered, the events will not be processed. Are all your .map files still original from installation?
Also keep in mind that restarting the ArcSight connector, also requires to restart the Azure Function, for it will stop sending when the periodic connectivity check has failed.
, Congrats, we experienced the same struggles. We do receive Security Center Logs. The events are partially parsed in a proper way. Lots of crucial data is 'summarized' in cs1-5 fields. That is why we wanted to change the .map files like the config guide describes in my previous post. We noticed that when the .map files are altered, the events will not be processed. Are all your .map files still original from installation?
Also keep in mind that restarting the ArcSight connector, also requires to restart the Azure Function, for it will stop sending when the periodic connectivity check has failed.