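# Field definitions for AWS CloudTrail events.
# Each top-level key is a field path. Its mapping gives the field `name`, its
# `type`, a human-readable `description` and, for some fields, an `observable`
# block with its own name, property and type.
#
# The nesting below was rebuilt from a listing whose indentation had been
# lost. Several fields exist under both `action.properties.*` and
# `aws.cloudtrail.*`.
# NOTE(review): presumably the two namespaces are a legacy and a current
# layout of the same data; confirm before removing either.

action.properties.errorCode:
  description: The code of the error associated to the request
  name: action.properties.errorCode
  type: keyword
action.properties.errorMessage:
  description: The message of the error associated to the request
  name: action.properties.errorMessage
  type: keyword
action.properties.recipientAccountId:
  description: The account ID that received the event
  name: action.properties.recipientAccountId
  type: keyword
# NOTE(review): instance user data can carry bootstrap scripts and embedded
# credentials. Confirm the value is redacted or masked before it reaches this
# field, because a keyword field is searchable by everyone with read access to
# the events.
action.properties.requestParameters.userData:
  description: The userData parameters sent with the request
  name: action.properties.requestParameters.userData
  type: keyword
action.properties.resources:
  description: A list of resources accessed in the event
  name: action.properties.resources
  type: list
# NOTE(review): credential field. CloudTrail is expected to mask this value in
# the event; confirm the parser never stores a cleartext password here, and
# mask or drop the value at parse time if that cannot be guaranteed.
action.properties.responseElements.pendingModifiedValues.masterUserPassword:
  description: The new master password for the RDS instance
  name: action.properties.responseElements.pendingModifiedValues.masterUserPassword
  type: keyword
action.properties.responseElements.publiclyAccessible:
  description: Whether the requested resource was public
  name: action.properties.responseElements.publiclyAccessible
  type: boolean
action.properties.userIdentity:
  description: Information about the user that made the request
  name: action.properties.userIdentity
  type: object
action.target:
  description: The target of the action
  name: action.target
  type: keyword
aws.cloudtrail.cluster_name:
  description: The name of the cluster
  name: aws.cloudtrail.cluster_name
  type: keyword
aws.cloudtrail.event_version:
  description: The version of the event
  name: aws.cloudtrail.event_version
  type: keyword
# NOTE(review): the flattened fields hold the whole requestParameters /
# responseElements content as one keyword, so any sensitive value inside those
# structures (user data, passwords) also lands here. Apply the same masking as
# for the dedicated fields.
aws.cloudtrail.flattened.request_parameters:
  description: The flattened version of the field requestParameters
  name: aws.cloudtrail.flattened.request_parameters
  type: keyword
aws.cloudtrail.flattened.response_elements:
  description: The flattened version of the field responseElements
  name: aws.cloudtrail.flattened.response_elements
  type: keyword
aws.cloudtrail.insight_details.context:
  description: The context of the insight
  name: aws.cloudtrail.insight_details.context
  type: keyword
aws.cloudtrail.insight_details.state:
  description: The status of the insight
  name: aws.cloudtrail.insight_details.state
  type: keyword
aws.cloudtrail.insight_details.type:
  description: The type of the insight
  name: aws.cloudtrail.insight_details.type
  type: keyword
# NOTE(review): this observable maps an AWS account ID to a user-account
# login, the same property used for the caller ARN further down. Confirm the
# mapping is intended, since the two values identify different things and
# would be correlated together.
aws.cloudtrail.recipient_account_id:
  description: The account ID that received the event
  name: aws.cloudtrail.recipient_account_id
  observable:
    name: Recipient account ID
    property: account_login
    type: user-account
  type: keyword
# Same sensitivity as action.properties.requestParameters.userData.
aws.cloudtrail.request_parameters.userData:
  description: The userData parameters sent with the request
  name: aws.cloudtrail.request_parameters.userData
  type: keyword
aws.cloudtrail.request_parameters.userName:
  description: The name of the user sent in the request
  name: aws.cloudtrail.request_parameters.userName
  type: keyword
aws.cloudtrail.resources:
  description: A list of resources accessed in the event
  name: aws.cloudtrail.resources
  type: list
# Same credential-handling concern as the action.properties.* variant of this
# field: keep it masked, never cleartext.
aws.cloudtrail.response_elements.pendingModifiedValues.masterUserPassword:
  description: The new master password for the RDS instance
  name: aws.cloudtrail.response_elements.pendingModifiedValues.masterUserPassword
  type: keyword
aws.cloudtrail.response_elements.publiclyAccessible:
  description: Whether the requested resource was public
  name: aws.cloudtrail.response_elements.publiclyAccessible
  type: boolean
aws.cloudtrail.response_elements.user.arn:
  description: The ARN of the user in the response
  name: aws.cloudtrail.response_elements.user.arn
  type: keyword
aws.cloudtrail.response_elements.user.userName:
  description: The name of the user in the response
  name: aws.cloudtrail.response_elements.user.userName
  type: keyword
# The access key ID is an identifier, not the secret key. It is useful for
# tying activity to one credential during an investigation.
aws.cloudtrail.user_identity.accessKeyId:
  description: The identifier of the access key used
  name: aws.cloudtrail.user_identity.accessKeyId
  type: keyword
aws.cloudtrail.user_identity.accountId:
  description: The identifier of the account that sent the request
  name: aws.cloudtrail.user_identity.accountId
  type: keyword
aws.cloudtrail.user_identity.arn:
  description: The ARN of the principal that sent the request
  name: aws.cloudtrail.user_identity.arn
  observable:
    name: User ARN
    property: account_login
    type: user-account
  type: keyword
aws.cloudtrail.user_identity.principalId:
  description: The identifier of the principal that sent the request
  name: aws.cloudtrail.user_identity.principalId
  type: keyword
aws.cloudtrail.user_identity.sessionContext:
  description: Provides information about the session
  name: aws.cloudtrail.user_identity.sessionContext
  type: object
aws.cloudtrail.user_identity.type:
  description: The type of the identity
  name: aws.cloudtrail.user_identity.type
  type: keyword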