
Add AWS Config history managed log source #65

Closed Samrose-Ahmed closed 1 year ago

Samrose-Ahmed commented 1 year ago

As described in #51.

Testing

Screenshot 2023-01-26 at 3 56 33 PM

Sample event

{
    "ts": "2023-01-26 23:40:44.868",
    "aws": {
        "config_history": {
            "version": null,
            "item": {
                "status": "ResourceNotRecorded",
                "capture_time": "2023-01-26 06:06:53.998",
                "md5_hash": null,
                "state_id": "1674713213998"
            },
            "arn": null,
            "resource": {
                "type": "AWS::Athena::WorkGroup",
                "id": "athenav3",
                "name": "athenav3",
                "created": "2022-11-10 19:29:05.461"
            },
            "related_events": null,
            "relationship": null,
            "configuration": null,
            "supplementary_configuration": null,
            "tags": null
        }
    },
    "labels": null,
    "tags": null,
    "cloud": {
        "account": {
            "id": "123456789012",
            "name": null
        },
        "availability_zone": null,
        "provider": "aws",
        "region": "eu-west-1",
        "service": {
            "name": "athena"
        }
    },
    "ecs": {
        "version": "8.5.0"
    },
    "event": {
        "kind": "event",
        "category": [
            "configuration"
        ],
        "created": null,
        "type": [
            "creation"
        ],
        "hash": null
    }
}