Most deployments of Sentinel and of the devices it collects events from are on-premises, but a shift is under way: organizations are moving to public clouds such as AWS and Office 365, where users deploy instances, services, and so on. This rise in cloud adoption is an opportunity for Sentinel to read logs from the public cloud as well.
Sentinel uses connector plug-ins to read events from different devices, so to support AWS and Office 365 we have implemented connectors that read logs from AWS and from Office 365.
Reading logs from AWS:
Reading logs from Office 365:
Users of this plug-in need to write their own collector to parse the logs and normalize them into Sentinel events.
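As an added illustration of the parsing and normalization step a collector has to do (example code, not the connector's or Sentinel's own), the function below takes one raw record from each source and maps it to a common event shape. The sample records are constructed to resemble AWS CloudTrail and Office 365 Management Activity API output, and the normalized field names (`time`, `source`, `action`, `user`, `srcIp`, `outcome`) are assumed placeholders, not Sentinel's real event schema.

```javascript
// Constructed sample records (values are made up), shaped like an AWS
// CloudTrail event and an Office 365 Management Activity API record.
const AWS_SAMPLE = JSON.stringify({
  eventTime: "2024-01-15T10:22:05Z",
  eventSource: "iam.amazonaws.com",
  eventName: "CreateUser",
  awsRegion: "us-east-1",
  sourceIPAddress: "198.51.100.7",
  userIdentity: { type: "IAMUser", userName: "alice" },
  errorCode: "AccessDenied"
});
const O365_SAMPLE = JSON.stringify({
  CreationTime: "2024-01-15T10:23:41",
  Operation: "UserLoggedIn",
  Workload: "AzureActiveDirectory",
  UserId: "bob@example.com",
  ClientIP: "203.0.113.9",
  ResultStatus: "Succeeded"
});

// Parse one raw record and normalize it to the assumed common shape.
// Returns null for unknown sources or unparseable input so that a single
// bad record does not stop the collector.
function normalize(source, raw) {
  let r;
  try { r = JSON.parse(raw); } catch (e) { return null; }
  if (source === "aws") {
    return {
      time: Date.parse(r.eventTime),                  // epoch milliseconds
      source: "aws:" + (r.eventSource || "unknown"),
      action: r.eventName || "",
      user: (r.userIdentity && r.userIdentity.userName) || "",
      srcIp: r.sourceIPAddress || "",
      outcome: r.errorCode ? "failure" : "success",   // errorCode only set on failure
    };
  }
  if (source === "o365") {
    // Office 365 CreationTime is UTC but carries no zone suffix; add it
    // before parsing so the timestamp is not read as local time.
    const t = /Z$/.test(r.CreationTime) ? r.CreationTime : r.CreationTime + "Z";
    return {
      time: Date.parse(t),
      source: "o365:" + (r.Workload || "unknown"),
      action: r.Operation || "",
      user: r.UserId || "",
      srcIp: r.ClientIP || "",
      outcome: r.ResultStatus === "Succeeded" ? "success" : "failure",
    };
  }
  return null;
}
```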