ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

SIEM agent app selection not working

book

Article ID: 172666

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

CloudSOC/CASB

Trying to use the --app switch does not filter for app-specific logs. 

Cause

The SIEM agent --app switch requires case-sensitive input.

Resolution

Use the following syntax to obtain AWS-specific logs from the tenant using SIEM agents: 

--app "Amazon Web Services"

 

For more information, see: Delivering CloudSOC Logs with the SIEM Agent Symantec CloudSOC Tech Note