Below doc explains the log management in Amazon S3/Splunk/Q-Radar. Couldn't find any doc for Arcsight. You can check with local cisco account manager for cisco umbrella support Arcsight.
You need to convert the json output into cef or something readable by arcsight. I did some reading in their forums and it looks like it can parse json with a little work on your part.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
