Layer: Others
This documentation provides detailed information about all fields available for AWS CloudTrail.
| Field Name | Type | Searchable | General Field | Description | Example | Products |
|---|---|---|---|---|---|---|
| additionalEventData | dynamic | true | - | The additional data about the event that was not part of the request | {"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256"} | AWS CloudTrail |
| apiVersion | string | true | - | API version associated with the AwsApiCall eventType value | 2012-08-10 | AWS CloudTrail |
| awsRegion | string | true | - | AWS region that the request was made to |
|
AWS CloudTrail |
| errorCode | string | true | - | AWS service error code |
|
AWS CloudTrail |
| errorMessage | string | true | - | Description of the error |
|
AWS CloudTrail |
| eventCategory | string | true | - | Event category used in LookupEvents calls |
|
AWS CloudTrail |
| eventID | string | true | - | GUID generated by AWS CloudTrail to identify events | 11111111-1111-1111-1111-111111111111 | AWS CloudTrail |
| eventName | string | true | - | The name of the log event |
|
AWS CloudTrail |
| eventSource | string | true | - | The AWS service the request was made to |
|
AWS CloudTrail |
| eventTime | string | true | - | The time the agent or product detected the event | 2022-07-06T22:28:06+00:00 | AWS CloudTrail |
| eventType | string | true | - | Type of event that generated the event record |
|
AWS CloudTrail |
| eventVersion | string | true | - | Version of the log event format | 1.08 | AWS CloudTrail |
| readOnly | bool | true | - | Whether the operation is read-only |
|
AWS CloudTrail |
| recipientAccountId | string | true | - | Account ID that received the event | 123456789012 | AWS CloudTrail |
| requestID | string | true | - | Value that identifies the request (The service being called generates this value) | 11111111-1111-1111-1111-111111111111 | AWS CloudTrail |
| requestParameters | dynamic | true | - | The parameters, if any, that were sent with the request (Parameters are documented in the API reference docs for the appropriate AWS service) | {"durationSeconds": 3600, "roleSessionName":"BackplaneAssumeRoleSession"} | AWS CloudTrail |
| resources | dynamic | true | - | List of resources accessed in the event | [{"type":"AWS::S3::Object","ARN":"arn:aws:s3:::your-bucket/file.txt"}] | AWS CloudTrail |
| responseElements | dynamic | true | - | Response elements for actions that made changes (create, update, or delete actions) | {"user":{"createDate":"Mar 24, 2014 9:11:59 PM","userName":"Bob","arn":"arn:aws:iam::123456789012:user/Bob","path":"/","userId":"EXAMPLEUSERID"}} | AWS CloudTrail |
| serviceEventDetails | dynamic | true | - | The service event (including what triggered the event and the result) | {"lifecycleEventPolicy":{"policyVersion":1,"policyId":"11111111-1111-1111-1111-111111111111"}} | AWS CloudTrail |
| sharedEventID | string | true | - | GUID generated by AWS CloudTrail to uniquely identify CloudTrail events (From the same AWS action that is sent to different AWS accounts) | 11111111-1111-1111-1111-111111111111 | AWS CloudTrail |
| sourceIPAddress | string | true |
|
IP address the request was made from (For actions that originate from the service console, the address reported is for the underlying customer resource, not the console web server. For services in AWS, only the DNS name is displayed.) |
|
AWS CloudTrail |
| userAgent | string | true | CLICommand | The user agent or the agent through which the request was made |
|
AWS CloudTrail |
| userIdentity | dynamic | true | - | Information about the user that made a request |
|
AWS CloudTrail |
| vpcEndpointId | string | true | - | VPC endpoint in which requests were made from a VPC to another AWS service (Such as Amazon S3) | vpce-00000000000000000 | AWS CloudTrail |
Generated by XDR Common Schema Public Doc Generator V2