Skip to content

Gis 1809 improve mapping #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Oct 16, 2024
Merged

Gis 1809 improve mapping #200

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b026dda
add aws_cloudtrail for elastic esql
nazargesyk Sep 18, 2024
dead305
gis-1809 update elastic-esql-query mapping
nazargesyk Sep 18, 2024
f5c2a69
Merge branch 'main' into gis-1809
nazargesyk Oct 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions uncoder-core/app/translator/mappings/platforms/elasticsearch_esql/aws_cloudtrail.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
platform: ElasticSearch ES|QL
source: aws_cloudtrail
log_source:
index: [logs-*]
default_log_source:
index: logs-*
field_mapping:
additionalEventdata: aws.cloudtrail.additional_eventdata
apiVersion: aws.cloudtrail.api_version
awsRegion: cloud.region
errorCode: aws.cloudtrail.error_code
errorMessage: aws.cloudtrail.error_message
eventID: event.id
eventName: event.action
eventSource: event.provider
eventTime: '@timestamp'
eventType: aws.cloudtrail.event_type
eventVersion: aws.cloudtrail.event_version
managementEvent: aws.cloudtrail.management_event
readOnly: aws.cloudtrail.read_only
requestID: aws.cloudtrail.request_id
requestParameters: aws.cloudtrail.request_parameters
resources.accountId: aws.cloudtrail.resources.account_id
resources.ARN: aws.cloudtrail.resources.arn
resources.type: aws.cloudtrail.resources.type
responseElements: aws.cloudtrail.response_elements
serviceEventDetails: aws.cloudtrail.service_event_details
sharedEventId: aws.cloudtrail.shared_event_id
sourceIPAddress: source.address
userAgent: user_agent
userIdentity.accessKeyId: aws.cloudtrail.user_identity.access_key_id
userIdentity.accountId: cloud.account.id
userIdentity.arn: aws.cloudtrail.user_identity.arn
userIdentity.invokedBy: aws.cloudtrail.user_identity.invoked_by
userIdentity.principalId: user.id
userIdentity.sessionContext.attributes.creationDate: aws.cloudtrail.user_identity.session_context.creation_date
userIdentity.sessionContext.attributes.mfaAuthenticated: aws.cloudtrail.user_identity.session_context.mfa_authenticated
userIdentity.sessionContext.sessionIssuer.userName: role.name
userIdentity.type: aws.cloudtrail.user_identity.type
userIdentity.userName: user.name
vpcEndpointId: aws.cloudtrail.vpc_endpoint_id
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy