Field Name | Type | General Field | Description | Example | Products |
---|---|---|---|---|---|
eventID | string | - | The GUID generated by AWS CloudTrail to identify events | | |
eventName | string | - | The name of the requested action (one of the actions in the API for the service) | | |
eventSource | string | - | The AWS service the request was made to | | |
filterRiskLevel | string | - | The top-level risk level of the event | | |
productCode | string | - | The internal product code | | |
readOnly | bool | - | Whether the operation is read-only | | |
requestParameters | object | - | The parameters, if any, that were sent with the request (Parameters are documented in the API reference docs for the appropriate AWS service.) | | |
resources | dynamic | - | The list of resources accessed in the event | | |
responseElements | dynamic | - | The response elements for actions that made changes (create, update, or delete actions) | | |
sourceIPAddress | string | | The IP address the request was made from (For actions that originate from the service console, the address reported is for the underlying customer resource, not the console web server. For services in AWS, only the DNS name is displayed.) | | |
tags | string[] | - | The MITRE technique ID detected by Trend Vision One based on the alert filter | | |
userAgent | string | | The agent through which the request was made (such as the AWS Management Console, an AWS service, the AWS SDKs, or the AWS CLI) | | |
userIdentity | dynamic | - | The information about the user that made a request | | |
uuid | string | - | The unique key of the log entry | | |
vpcEndpointId | string | - | The VPC endpoint in which requests were made from a VPC to another AWS service (such as Amazon S3) | | |