Skip to content

Commit 2edcac1

Browse files
nazargesyknazargesyk
authored
Merge pull request #200 from UncoderIO/gis-1809
Gis 1809 improve mapping
2 parents 41c0d42 + f5c2a69 commit 2edcac1

File tree

1 file changed

+41
-0
lines changed

1 file changed

+41
-0
lines changed

uncoder-core/app/translator/mappings/platforms/elasticsearch_esql/aws_cloudtrail.yml

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
platform: ElasticSearch ES|QL
2+
source: aws_cloudtrail
3+
log_source:
4+
index: [logs-*]
5+
default_log_source:
6+
index: logs-*
7+
field_mapping:
8+
additionalEventdata: aws.cloudtrail.additional_eventdata
9+
apiVersion: aws.cloudtrail.api_version
10+
awsRegion: cloud.region
11+
errorCode: aws.cloudtrail.error_code
12+
errorMessage: aws.cloudtrail.error_message
13+
eventID: event.id
14+
eventName: event.action
15+
eventSource: event.provider
16+
eventTime: '@timestamp'
17+
eventType: aws.cloudtrail.event_type
18+
eventVersion: aws.cloudtrail.event_version
19+
managementEvent: aws.cloudtrail.management_event
20+
readOnly: aws.cloudtrail.read_only
21+
requestID: aws.cloudtrail.request_id
22+
requestParameters: aws.cloudtrail.request_parameters
23+
resources.accountId: aws.cloudtrail.resources.account_id
24+
resources.ARN: aws.cloudtrail.resources.arn
25+
resources.type: aws.cloudtrail.resources.type
26+
responseElements: aws.cloudtrail.response_elements
27+
serviceEventDetails: aws.cloudtrail.service_event_details
28+
sharedEventId: aws.cloudtrail.shared_event_id
29+
sourceIPAddress: source.address
30+
userAgent: user_agent
31+
userIdentity.accessKeyId: aws.cloudtrail.user_identity.access_key_id
32+
userIdentity.accountId: cloud.account.id
33+
userIdentity.arn: aws.cloudtrail.user_identity.arn
34+
userIdentity.invokedBy: aws.cloudtrail.user_identity.invoked_by
35+
userIdentity.principalId: user.id
36+
userIdentity.sessionContext.attributes.creationDate: aws.cloudtrail.user_identity.session_context.creation_date
37+
userIdentity.sessionContext.attributes.mfaAuthenticated: aws.cloudtrail.user_identity.session_context.mfa_authenticated
38+
userIdentity.sessionContext.sessionIssuer.userName: role.name
39+
userIdentity.type: aws.cloudtrail.user_identity.type
40+
userIdentity.userName: user.name
41+
vpcEndpointId: aws.cloudtrail.vpc_endpoint_id

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy