Cloudtrail Event Fields

2025-12-06 09:12:45 +01:00 · 2021-09-02 11:46:18 -04:00
parent 556bad6925
commit 2bf471054b
1 changed files with 2 additions and 1 deletions
--- a/salt/soc/files/soc/hunt.eventfields.json
+++ b/salt/soc/files/soc/hunt.eventfields.json
@@ -44,5 +44,6 @@
          ":elasticsearch:": ["soc_timestamp", "agent.name", "message", "log.level", "metadata.version", "metadata.pipeline", "event.dataset" ],
          ":kibana:": ["soc_timestamp", "host.name", "message", "kibana.log.meta.req.headers.x-real-ip", "event.dataset" ],
          "::rootcheck": ["soc_timestamp", "host.name", "metadata.ip_address", "log.full", "event.dataset", "event.module" ],
-          "::syscollector": ["soc_timestamp", "host.name", "metadata.ip_address", "wazuh.data.type", "event.dataset", "event.module" ]
+          "::syscollector": ["soc_timestamp", "host.name", "metadata.ip_address", "wazuh.data.type", "event.dataset", "event.module" ],
+          ":aws:": ["soc_timestamp", "aws.cloudtrail.event_category", "aws.cloudtrail.event_type", "event.provider", "event.action", "event.outcome", "cloud.region", "user.name", "s        ource.ip", "source.geo.region_iso_code" ]
          }