What Changed

Updated Data Connector definitions for Amazon Web Services S3 and CrowdStrike Falcon Endpoint Protection S3 Data Replicator to support non-analytics tier queries using the Usage table as a fallback mechanism.

Security Impact (Visibility & Fidelity)

Deployments on the Basic or Auxiliary Log Analytics pricing plans can now monitor connector health, which was previously unavailable to them. Before this change, these connectors could not properly report ingestion status on non-analytics tier workspaces, potentially creating blind spots in connector health visibility.

The enhancement adds nonAnalyticsTierBaseQuery and nonAnalyticsTierLastDataReceivedQuery fields to each data type, enabling:

  • Usage table fallback queries with 14-hour time windows for CrowdStrike S3 FDR
  • Basic ingestion volume and last-data-received metrics for deployments on cost-optimized plans

This addresses a monitoring gap where SOC teams using Basic/Auxiliary plans could not verify that their CrowdStrike endpoint telemetry and AWS security logs were flowing correctly into Microsoft Sentinel.
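A check a reviewer could run over a connector definition to confirm that every data type carries both fallback fields (added example, not code from the repository or the change itself). Only the two nonAnalyticsTier field names come from the description above; the nesting under properties.connectorUiConfig, the data type names and the placeholder query strings in SAMPLE are constructed assumptions.

```python
import json

# Field names as given in the change description.
REQUIRED = ("nonAnalyticsTierBaseQuery", "nonAnalyticsTierLastDataReceivedQuery")

def iter_data_types(node):
    """Yield every dict found inside any 'dataTypes' list, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "dataTypes" and isinstance(value, list):
                yield from (v for v in value if isinstance(v, dict))
            else:
                yield from iter_data_types(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_data_types(item)

def missing_fallbacks(definition_text):
    """Return {data type name: [fallback fields that are absent or blank]}."""
    gaps = {}
    for entry in iter_data_types(json.loads(definition_text)):
        absent = [f for f in REQUIRED
                  if not isinstance(entry.get(f), str) or not entry[f].strip()]
        if absent:
            gaps[entry.get("name", "<unnamed>")] = absent
    return gaps

# Constructed sample, not copied from the repository. Layout, names and
# query strings are placeholders (assumptions) chosen to exercise the check.
SAMPLE = json.dumps({"properties": {"connectorUiConfig": {"dataTypes": [
    {"name": "ExampleTable_A", "nonAnalyticsTierBaseQuery": "<placeholder query>",
     "nonAnalyticsTierLastDataReceivedQuery": "<placeholder query>"},
    {"name": "ExampleTable_B", "lastDataReceivedQuery": "<placeholder query>"},
    {"name": "ExampleTable_C", "nonAnalyticsTierBaseQuery": "<placeholder query>",
     "nonAnalyticsTierLastDataReceivedQuery": "   "},
]}}})

if __name__ == "__main__":
    for name, fields in missing_fallbacks(SAMPLE).items():
        print(f"{name}: missing {', '.join(fields)}")
```

Because the walker looks for any dataTypes list regardless of depth, the same function can be pointed at either of the definition files listed below without knowing their exact layout.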

Affected Files

Solutions/Amazon Web Services/Data Connectors/template_AwsS3.json
Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeS3FDR_ccp/DataConnectorDefinition.json
(packaging artefacts: 3.0.10.zip, 3.3.5.zip, ReleaseNotes.md, Solution_AmazonWebServices.json, Solution_CrowdStrike.json, mainTemplate.json)