forked from elastic/integrations
/
test-tls-details-json.log-expected.json
96 lines (96 loc) · 5.05 KB
/
test-tls-details-json.log-expected.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
{
"expected": [
{
"@timestamp": "2020-01-10T16:06:40.000Z",
"aws": {
"cloudtrail": {
"event_type": "AwsApiCall",
"event_version": "1.05",
"flattened": {
"request_parameters": {
"sSHPublicKeyBody": "ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain",
"userName": "Alice"
},
"response_elements": {
"sSHPublicKey": {
"fingerprint": "de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de",
"sSHPublicKeyBody": "ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain",
"sSHPublicKeyId": "EXAMPLE_KEY_ID",
"status": "Active",
"uploadDate": "Jan 10, 2020 4:06:40 PM",
"userName": "Alice"
}
}
},
"recipient_account_id": "0123456789012",
"request_id": "EXAMPLE-44b9-41cd-90f2-EXAMPLE",
"request_parameters": "{sSHPublicKeyBody=ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain, userName=Alice}",
"response_elements": "{sSHPublicKey={sSHPublicKeyBody=ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain, sSHPublicKeyId=EXAMPLE_KEY_ID, uploadDate=Jan 10, 2020 4:06:40 PM, fingerprint=de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de, userName=Alice, status=Active}}",
"user_identity": {
"access_key_id": "EXAMPLE_KEY",
"arn": "arn:aws:iam::0123456789012:user/Alice",
"invoked_by": "signin.amazonaws.com",
"session_context": {
"creation_date": "2020-01-10T14:38:30.000Z",
"mfa_authenticated": "true"
},
"type": "IAMUser"
}
}
},
"cloud": {
"account": {
"id": "0123456789012"
},
"region": "us-east-1"
},
"ecs": {
"version": "8.0.0"
},
"event": {
"action": "UploadSSHPublicKey",
"created": "2021-11-11T01:02:03.123456789Z",
"id": "EXAMPLE-9a9d-4da4-9998-EXAMPLE",
"kind": "event",
"original": "{\"eventVersion\":\"1.05\",\"userIdentity\":{\"type\":\"IAMUser\",\"principalId\":\"EXAMPLE_ID\",\"arn\":\"arn:aws:iam::0123456789012:user/Alice\",\"accountId\":\"0123456789012\",\"accessKeyId\":\"EXAMPLE_KEY\",\"userName\":\"Alice\",\"sessionContext\":{\"attributes\":{\"mfaAuthenticated\":\"true\",\"creationDate\":\"2020-01-10T14:38:30Z\"}},\"invokedBy\":\"signin.amazonaws.com\"},\"eventTime\":\"2020-01-10T16:06:40Z\",\"eventSource\":\"iam.amazonaws.com\",\"eventName\":\"UploadSSHPublicKey\",\"awsRegion\":\"us-east-1\",\"sourceIPAddress\":\"127.0.0.1\",\"userAgent\":\"signin.amazonaws.com\",\"requestParameters\":{\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\",\"userName\":\"Alice\"},\"responseElements\":{\"sSHPublicKey\":{\"fingerprint\":\"de:ad:c0:de:de:ad:c0:de:de:ad:c0:de:de:ad:c0:de\",\"status\":\"Active\",\"uploadDate\":\"Jan 10, 2020 4:06:40 PM\",\"userName\":\"Alice\",\"sSHPublicKeyId\":\"EXAMPLE_KEY_ID\",\"sSHPublicKeyBody\":\"ssh-rsa AAAAdeadcodedeadcode Alice@localhost.domain\"}},\"requestID\":\"EXAMPLE-44b9-41cd-90f2-EXAMPLE\",\"eventID\":\"EXAMPLE-9a9d-4da4-9998-EXAMPLE\",\"eventType\":\"AwsApiCall\",\"recipientAccountId\":\"0123456789012\",\"tlsDetails\":{\"tlsVersion\":\"TLSv1.2\",\"cipherSuite\":\"ECDHE-RSA-AES128-GCM-SHA256\",\"clientProvidedHostHeader\":\"ssm.us-west-2.amazonaws.com\"}}",
"outcome": "success",
"provider": "iam.amazonaws.com",
"type": "info"
},
"related": {
"user": [
"Alice"
]
},
"source": {
"address": "127.0.0.1",
"ip": "127.0.0.1"
},
"tags": [
"preserve_original_event"
],
"tls": {
"cipher": "ECDHE-RSA-AES128-GCM-SHA256",
"client": {
"server_name": "ssm.us-west-2.amazonaws.com"
},
"version": "1.2",
"version_protocol": "tls"
},
"user": {
"id": "EXAMPLE_ID",
"name": "Alice",
"target": {
"name": "Alice"
}
},
"user_agent": {
"device": {
"name": "Other"
},
"name": "Other",
"original": "signin.amazonaws.com"
}
}
]
}