packages/aws/data_stream/cloudtrail/_dev/test/pipeline/test-start-logging-json.log-expected.json

{
    "expected": [
        {
            "@timestamp": "2020-01-08T15:30:25.000Z",
            "aws": {
                "cloudtrail": {
                    "event_type": "AwsApiCall",
                    "event_version": "1.05",
                    "flattened": {
                        "request_parameters": {
                            "name": "TEST-trail"
                        }
                    },
                    "read_only": false,
                    "recipient_account_id": "0123456789012",
                    "request_id": "EXAMPLE-1c30-4f43-9763-EXAMPLE",
                    "request_parameters": "{name=TEST-trail}",
                    "user_identity": {
                        "access_key_id": "EXAMPLE_KEY",
                        "arn": "arn:aws:iam::0123456789012:user/Alice",
                        "invoked_by": "signin.amazonaws.com",
                        "session_context": {
                            "creation_date": "2020-01-08T15:12:16.000Z",
                            "mfa_authenticated": "true"
                        },
                        "type": "IAMUser"
                    }
                }
            },
            "cloud": {
                "account": {
                    "id": "0123456789012"
                },
                "region": "us-west-2"
            },
            "ecs": {
                "version": "8.0.0"
            },
            "event": {
                "action": "StartLogging",
                "created": "2021-11-11T01:02:03.123456789Z",
                "id": "EXAMPLE-aa78-4a84-a27f-EXAMPLE",
                "kind": "event",
                "original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"sessionIssuer\":{},\"webIdFederationData\":{},\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-08T15:12:16Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-08T15:30:25Z\",\"eventSource\":\"cloudtrail.amazonaws.com\",\"eventName\":\"StartLogging\",\"awsRegion\":\"us-west-2\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"name\":\"TEST-trail\"},\"responseElements\":null,\"requestID\":\"EXAMPLE-1c30-4f43-9763-EXAMPLE\",\"eventID\":\"EXAMPLE-aa78-4a84-a27f-EXAMPLE\",\"readOnly\":false,\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\"}",
                "outcome": "success",
                "provider": "cloudtrail.amazonaws.com",
                "type": [
                    "info"
                ]
            },
            "related": {
                "user": [
                    "Alice"
                ]
            },
            "source": {
                "address": "127.0.0.1",
                "ip": "127.0.0.1"
            },
            "tags": [
                "preserve_original_event"
            ],
            "user": {
                "id": "EXAMPLE_ID",
                "name": "Alice"
            },
            "user_agent": {
                "device": {
                    "name": "Other"
                },
                "name": "Other",
                "original": "signin.amazonaws.com"
            }
        }
    ]
}