Field Name | Type | General Field | Description | Example | Products |
---|---|---|---|---|---|
additionalEventData | - | - | Additional data about the event that was not part of the request or response | | |
apiVersion | - | - | API version associated with the AwsApiCall eventType value | | |
awsRegion | - | - | AWS region that the request was made to | | |
bitwiseFilterRiskLevel | - | - | Bitwise risk-level filter search | | |
errorCode | - | - | AWS service error code | | |
errorMessage | - | - | Description of the error | | |
eventCategory | - | - | Event category used in LookupEvents calls | | |
eventID | - | - | GUID generated by AWS CloudTrail to identify events | | |
eventName | - | - | Name of the requested action (one of the actions in the API for the service) | | |
eventSource | - | - | The AWS service the request was made to | | |
eventTime | - | - | The date and time the request was made in coordinated universal time (UTC) | | |
eventType | - | - | Type of event that generated the event record | | |
eventVersion | - | - | Version of the log event format | | |
filterRiskLevel | - | - | Top-level risk level of the event | | |
mgmtInstanceId | - | - | The instance ID for a management scope, which is the same as tenantGuid (endpoint only) | | |
packageTraceId | - | - | Package trace ID | | |
partitionKey | - | - | The partition key for a management scope (endpoint only) | | |
policyTreePath | - | - | The policy tree path, provided by SAP (endpoint only) | | |
productCode | - | - | Internal product code (sct = Trend Micro Cloud One CloudTrail) | | |
readOnly | - | - | Whether the operation is read-only | | |
receivedTime | - | - | Time the log was received | | |
recipientAccountId | - | - | Account ID that received the event | | |
requestID | - | - | Value that identifies the request (The service being called generates this value) | | |
requestParameters | - | - | The parameters, if any, that were sent with the request (Parameters are documented in the API reference docs for the appropriate AWS service) | | |
resources | - | - | List of resources accessed in the event | | |
responseElements | - | - | Response elements for actions that made changes (create, update, or delete actions) | | |
serviceEventDetails | - | - | Identifies the service event, including what triggered the event and the result | | |
sharedEventID | - | - | GUID generated by AWS CloudTrail to uniquely identify CloudTrail events (From the same AWS action that is sent to different AWS accounts) | | |
sourceIPAddress | - | | IP address the request was made from (For actions that originate from the service console, the address reported is for the underlying customer resource, not the console web server. For services in AWS, only the DNS name is displayed.) | | |
tags | - | - | Technique Id detected by the Security Analytics Engine based on the alert filter | | |
userAgent | - | | The agent through which the request was made (Such as the AWS Management Console, an AWS service, the AWS SDKs, or the AWS CLI) | | |
userIdentity | - | - | Information about the user that made a request | | |
uuid | - | - | Unique key of the log entry | | |
vpcEndpointId | - | - | VPC endpoint in which requests were made from a VPC to another AWS service (Such as Amazon S3) | | |