Cloud AWS

Version 1.1

\

Please check back often. New fields are added to accommodate vendor changes.

Field Name

Data Type

length

cloud.account.id

text

32

cloud.instance.name

text

32

cloud.provider

text

8

cloud.region

text

16

cloud.service.name

text

16

destination.as.organization.name

text

128

destination.geo.city_name

text

32

destination.geo.continent_code

text

6

destination.geo.country_code

text

6

destination.geo.country_name

text

32

destination.geo.location.lat

geopoint

destination.geo.location.lon

geopoint

destination.geo.region_name

text

64

event.action

text

16

event.category

text

64

event.created

date

event.dataset

text

32

event.id

text

64

event.kind

text

8

event.module

text

16

event.original (data type and length are not listed for this field in this version; confirm before relying on it)

event.outcome

text

16

event.severity

text

16

event.type

text

32

organisation.id

text

8

sensor.id

text

10

source.as.number

text

16

source.as.organization.name

text

128

source.geo.city_name

text

32

source.geo.continent_code

text

6

source.geo.country_code

text

6

source.geo.country_name

text

32

source.geo.location.lat

geopoint

source.geo.location.lon

geopoint

source.geo.region_name

text

64

uuid

text

36

source.locality

text

16

destination.locality

text

16

network.community.id

text

128

source.ip

ip

destination.domain

text

128

source.bytes

int

64

destination.ip

ip

user_agent.name

text

256

http.request.method

text

16

http.version

text

16

source.port

int

8

tls.cipher

text

256

trace.id

text

36

http.response.status_code

int

8

http.request.body.bytes

int

64

http.response.body.bytes

int

64

destination.bytes

int

64

destination.port

int

8

message (data type and length are not listed for this field in this version; confirm before relying on it)

source.address

ip

user.id

text

36

user_agent.original

text

265 (likely a typo for 256, the length used by the other long text fields such as user_agent.name and tls.cipher — confirm)

user.name

text

64

file.path

text

1024

file.hash.sha256

text

64

group.id

text

64

user.target.id

text

64

user.changes.name

text

64

group.name

text

64

user.target.name

text

64

aws.cloudtrail.error_code

text

36

aws.cloudtrail.error_message

text

512

aws.cloudtrail.event_type

text

64

aws.cloudtrail.request_parameters.attribute

text

64

aws.cloudtrail.requestParameters.containerDefinitions.command (note: a 64-character limit will truncate longer container commands; confirm the limit is sufficient for detection use)

text

64

aws.cloudtrail.responseElements

text

64

aws.cloudtrail.responseElements.pendingModifiedValues.masterUserPassword (sensitive field: it must only ever hold the provider's masked placeholder, never a plaintext credential — verify ingestion does not store a real password)

text

64

aws.cloudtrail.responseElements.publiclyAccessible

text

64

aws.cloudtrail.resources.type

text

64

aws.cloudtrail.user_identity.arn

text

64

aws.cloudtrail.user_identity.session_context.session_issuer.type

text

64

aws.cloudtrail.user_identity.type

text

64

destination.address

ip

host.id

text

36

cloud.machine.type

text

64

host.type

text

64

network.direction

text

16

network.transport

text

8

rule.name

text

128

rule.category

text

64

rule.ruleset

text

128

user.roles

text

128

dns.question.name

text

128

network.protocol

text

8

url.query

text

1024

url.path

text

1024

rule.id

text

36

aws.waf.terminating_rule_match_details

text

128

aws.waf.source.name

text

128

related.user

text

128

related.hash

text

128

related.ip

text

128

related.hosts

text

128

agent.type

text

32

log.type

text

32

observer.type

text

32

threatintel.days

int

16

threatintel.event_data

text

512

threatintel.malware.malware

text

512

threatintel.malware.timestamp

date/time

threatintel.tags

text

256

threatintel.white_list

text

32

threatintel.severity

text

16