Missing CloudSOC History logs in SIEM agent export

Article ID: 400242

Products

CASB Advanced Threat Protection, CASB Security Advanced, CASB Security Premium, CASB Security Standard

Issue/Introduction

You configured the SIEM agent to retrieve CloudSOC History logs using:

--elastica_app INVESTIGATE --app Elastica

However, you notice that not all of the CloudSOC History logs are exported.

Resolution

  • First, check that the access profile the API key follows has the History checkbox selected; this enables exporting all the history logs.
  • Next, ensure you have added -severity all to your query. By default, the agent exports logs of error, critical, and warning levels, but not informational.