airbnb / streamalert

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
https://streamalert.io
Apache License 2.0

Update cloudtrail schema to 1.08 #1301

Closed gavinelder closed 3 years ago

gavinelder commented 3 years ago

to:
cc: @airbnb/streamalert-maintainers
related to:
resolves:

Background

AWS released a new version of the CloudTrail schema, 1.08, as documented at https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html

The following adds relevant fields from 1.07 & 1.08 where it seemed appropriate.

I have commented each added field with the relevant AWS documentation where it was available.

Exclusions

At this time I have excluded the field edgeDeviceDetails. This is exclusive to Outposts and I cannot find any log examples to reference and confirm the type.

edgeDeviceDetails
Shows information about edge devices that are targets of a request. Currently, S3 Outposts device events include this field.

Since: 1.08

Optional: True

Changes

Added fields

Testing

No testing due to lack of logs to check against; I welcome example submissions.

Ryxias commented 3 years ago

Rebased onto release-3-5-0

jlundstedt commented 2 years ago

@gavinelder FYI - edgeDeviceDetails is documented to be a JSON object by AWS here
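The thread stalls on one question: what type a new CloudTrail field has, which nobody could confirm without sample logs. The checker below is an added example for doing exactly that once a few real records are in hand. It is not StreamAlert's parser and not its conf/schemas/cloudtrail.json; it mimics the type tokens StreamAlert schemas use ("string", "integer", "float", "boolean", {} for a map, [] for a list), an optional_top_level_keys set, and strict top-level key matching, so that a record carrying a key the schema does not list is reported. The field subset, the optional-key set and the sample log file are constructed assumptions, with edgeDeviceDetails typed as a map per the AWS documentation cited above.

```python
"""Check sample CloudTrail records against a StreamAlert-style schema.

Added example, not StreamAlert's own parser or schema. It mimics the type
tokens used in StreamAlert's conf/schemas JSON ("string", "integer", "float",
"boolean", {} for a map/object, [] for a list) and the optional_top_level_keys
idea, so that a contributor with a handful of real log lines can confirm a new
field's type before adding it to conf/schemas/cloudtrail.json.
"""
import json

# Assumed subset of the cloudtrail:events schema. The field list and the
# optional set are assumptions for this example, not the project's schema.
CLOUDTRAIL_SCHEMA = {
    "eventVersion": "string",
    "userIdentity": {},
    "eventTime": "string",
    "eventSource": "string",
    "eventName": "string",
    "awsRegion": "string",
    "sourceIPAddress": "string",
    "userAgent": "string",
    "requestParameters": {},
    "responseElements": {},
    "requestID": "string",
    "eventID": "string",
    "readOnly": "boolean",
    "eventType": "string",
    "managementEvent": "boolean",
    "recipientAccountId": "string",
    "eventCategory": "string",
    # The 1.08 field the PR left out; AWS documents it as a JSON object, so
    # the map token {} is the right type.
    "edgeDeviceDetails": {},
}

OPTIONAL_TOP_LEVEL_KEYS = {
    "requestParameters", "responseElements", "readOnly", "managementEvent",
    "eventCategory", "edgeDeviceDetails",
}


def _describe(token):
    """Human-readable name for a type token, used in problem messages."""
    if token == {}:
        return "map"
    if token == []:
        return "list"
    return token


def _matches(value, token):
    """True when value has the type the StreamAlert-style token names."""
    if token == "string":
        return isinstance(value, str)
    if token == "integer":
        return isinstance(value, int) and not isinstance(value, bool)
    if token == "float":
        return isinstance(value, float)
    if token == "boolean":
        return isinstance(value, bool)
    if token == {}:
        return isinstance(value, dict)
    if token == []:
        return isinstance(value, list)
    raise ValueError(f"unknown type token: {token!r}")


def check_record(record, schema=CLOUDTRAIL_SCHEMA, optional=OPTIONAL_TOP_LEVEL_KEYS):
    """Return the list of schema problems for one record; [] means it fits.

    Keys the schema does not list are reported too: a record carrying an
    unlisted top-level key does not match the schema, which is why new
    CloudTrail fields must be added before records carrying them classify.
    """
    problems = []
    for key, token in schema.items():
        if key not in record:
            if key not in optional:
                problems.append(f"missing required key {key}")
            continue
        if not _matches(record[key], token):
            problems.append(
                f"{key}: expected {_describe(token)}, got {type(record[key]).__name__}"
            )
    for key in record:
        if key not in schema:
            problems.append(f"unexpected key {key}")
    return problems


def check_log_file(text, **kwargs):
    """Unwrap a CloudTrail log file's {"Records": [...]} envelope (what a
    json_path of Records[*] does) and check every record in it."""
    return [check_record(r, **kwargs) for r in json.loads(text)["Records"]]


# Constructed sample log file (not a real CloudTrail delivery): one S3 Outposts
# style 1.08 record carrying edgeDeviceDetails as an object.
SAMPLE_LOG_FILE = json.dumps({"Records": [{
    "eventVersion": "1.08",
    "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLE",
                     "arn": "arn:aws:iam::123456789012:user/alice",
                     "accountId": "123456789012"},
    "eventTime": "2021-06-01T12:00:00Z",
    "eventSource": "s3-outposts.amazonaws.com",
    "eventName": "PutObject",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "203.0.113.10",
    "userAgent": "aws-cli/2.2.0",
    "requestParameters": {"bucketName": "example-bucket", "key": "report.csv"},
    "responseElements": {"x-amz-id-2": "EXAMPLE"},
    "requestID": "EXAMPLE123",
    "eventID": "11111111-2222-3333-4444-555555555555",
    "readOnly": False,
    "eventType": "AwsApiCall",
    "managementEvent": False,
    "recipientAccountId": "123456789012",
    "eventCategory": "Data",
    "edgeDeviceDetails": {"type": "outposts", "deviceId": "op-0123456789abcdef0"},
}]})

SAMPLE_RECORD = json.loads(SAMPLE_LOG_FILE)["Records"][0]


if __name__ == "__main__":
    print(check_log_file(SAMPLE_LOG_FILE))  # [[]]
    # A string where the docs say object: the mismatch is reported by name.
    print(check_record(dict(SAMPLE_RECORD, edgeDeviceDetails="op-0123456789abcdef0")))
    # tlsDetails is another 1.08 field not in this assumed subset, so a record
    # carrying it is flagged until the schema is extended.
    print(check_record(dict(SAMPLE_RECORD, tlsDetails={"tlsVersion": "TLSv1.2"})))
```

Run it against a real delivery by replacing SAMPLE_LOG_FILE with the contents of a gunzipped CloudTrail object; any "unexpected key" line is a field the schema still lacks, and any "expected map, got str" style line is a type that was guessed wrong.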