Idea ID 2805222
With the current integration method to integrate Azure subscriptions with Arcsight.
I have observed that the subscription ID is getting captured in filePath field along with some other information.
Considering we need to to monitor multiple subscriptions, i would request you to come up with the mapping of only subscription ID in unique field ( device Host Name ), so that the device log flow can be monitored and subscription log stoppage can be identified.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.