Document toolboxDocument toolbox

Cloud

Owned by Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
4 min read

This group includes tags that start with the level cloud. These tags identify data generated by Cloud services.

Company

Product / Service

Data tables

Company

Product / Service

Data tables

AWS CloudTrail

  • cloud.aws.cloudtrail.access_analyzer

  • cloud.aws.cloudtrail.acm

  • cloud.aws.cloudtrail.acm_pca

  • cloud.aws.cloudtrail.amazonmq

  • cloud.aws.cloudtrail.apigateway

  • cloud.aws.cloudtrail.appmesh

  • cloud.aws.cloudtrail.appstream

  • cloud.aws.cloudtrail.appsync

  • cloud.aws.cloudtrail.athena

  • cloud.aws.cloudtrail.backup

  • cloud.aws.cloudtrail.batch

  • cloud.aws.cloudtrail.billingconsole

  • cloud.aws.cloudtrail.budgets

  • cloud.aws.cloudtrail.cloudsearch

  • cloud.aws.cloudtrail.cloudshell

  • cloud.aws.cloudtrail.codeartifact

  • cloud.aws.cloudtrail.codebuild

  • cloud.aws.cloudtrail.codecommit

  • cloud.aws.cloudtrail.codedeploy

  • cloud.aws.cloudtrail.codepipeline

  • cloud.aws.cloudtrail.cognito_identify

  • cloud.aws.cloudtrail.cognito_idp

  • cloud.aws.cloudtrail.comprehend

  • cloud.aws.cloudtrail.config

  • cloud.aws.cloudtrail.datapipeline

  • cloud.aws.cloudtrail.dax

  • cloud.aws.cloudtrail.digest_logfile

  • cloud.aws.cloudtrail.digest_meta

  • cloud.aws.cloudtrail.directconnect

  • cloud.aws.cloudtrail.dms

  • cloud.aws.cloudtrail.ds

  • cloud.aws.cloudtrail.ecr_public

  • cloud.aws.cloudtrail.ecs

  • cloud.aws.cloudtrail.elasticache

  • cloud.aws.cloudtrail.elasticbeanstalk

  • cloud.aws.cloudtrail.elastictranscoder

  • cloud.aws.cloudtrail.es

  • cloud.aws.cloudtrail.firehose

  • cloud.aws.cloudtrail.fsx

  • cloud.aws.cloudtrail.glacier

  • cloud.aws.cloudtrail.glue

  • cloud.aws.cloudtrail.guardduty

  • cloud.aws.cloudtrail.iam

  • cloud.aws.cloudtrail.identifystore

  • cloud.aws.cloudtrail.kafka

  • cloud.aws.cloudtrail.kinesisanalytics

  • cloud.aws.cloudtrail.kinesisvideo

  • cloud.aws.cloudtrail.lakeformation

  • cloud.aws.cloudtrail.license_manager

  • cloud.aws.cloudtrail.lightsail

  • cloud.aws.cloudtrail.mediaconnect

  • cloud.aws.cloudtrail.mediaconvert

  • cloud.aws.cloudtrail.mediapackage

  • cloud.aws.cloudtrail.mediastore

  • cloud.aws.cloudtrail.mediatailor

  • cloud.aws.cloudtrail.network_firewall

  • cloud.aws.cloudtrail.opsworks

  • cloud.aws.cloudtrail.opsworks_cm

  • cloud.aws.cloudtrail.pi

  • cloud.aws.cloudtrail.pricelist

  • cloud.aws.cloudtrail.ram

  • cloud.aws.cloudtrail.rekognition

  • cloud.aws.cloudtrail.route53domains

  • cloud.aws.cloudtrail.route53resolver

  • cloud.aws.cloudtrail.sagemaker

  • cloud.aws.cloudtrail.savingsplans

  • cloud.aws.cloudtrail.schemas

  • cloud.aws.cloudtrail.securityhub

  • cloud.aws.cloudtrail.servicecatalog

  • cloud.aws.cloudtrail.servicecatalog_appregistry

  • cloud.aws.cloudtrail.servicediscovery

  • cloud.aws.cloudtrail.servicesquotas

  • cloud.aws.cloudtrail.shield

  • cloud.aws.cloudtrail.sms

  • cloud.aws.cloudtrail.soo_directory

  • cloud.aws.cloudtrail.ssm

  • cloud.aws.cloudtrail.states

  • cloud.aws.cloudtrail.storagegateway

  • cloud.aws.cloudtrail.support

  • cloud.aws.cloudtrail.swf

  • cloud.aws.cloudtrail.translate

  • cloud.aws.cloudtrail.trustedadvisor

  • cloud.aws.cloudtrail.waf

  • cloud.aws.cloudtrail.waf_regional

  • cloud.aws.cloudtrail.wafv2

  • cloud.aws.cloudtrail.wellarchitected

  • cloud.aws.cloudtrail.workspaces

  • cloud.aws.cloudtrail.xray

More information

AWS CloudWatch

  • cloud.aws.cloudwatch.events

More information

AWS GuardDuty

  • cloud.aws.guarduty.events

  • cloud.aws.guarduty.findings

More information

AWS Simple Queue Service (SQS)

  • cloud.aws.sqs.audit

AWS Web Application Firewall (WAF)

  • cloud.aws.waf.logs

Azure Active Directory

  • cloud.azure.ad.audit

  • cloud.azure.ad.managed_identity_signin

  • cloud.azure.ad.noninteractive_user_signin

  • cloud.azure.ad.provisioning

  • cloud.azure.ad.risky_users

  • cloud.azure.ad.service_principal_signin

  • cloud.azure.ad.signin

  • cloud.azure.ad.user_risk_events

  • cloud.azure.ad.risky_service_principals

  • cloud.azure.ad.service_principal_risk_events

More information

Azure Activity log

  • cloud.azure.activity.events

More information

Azure App Service

  • cloud.azure.appservice.administrative

  • cloud.azure.appservice.policy

More information

Azure Application Gateway

  • cloud.azure.appgetaway.access_log

  • cloud.azure.appgetaway.administrative

  • cloud.azure.appgetaway.firewall_log

  • cloud.azure.appgetaway.policy

More information

Azure Container Registry

  • cloud.azure.contregistry.login

More information

Azure Data Factory

  • cloud.azure.datafactory.administrative

More information

Azure Database for PostgreSQL

  • cloud.azure.postgresql.events

More information

Azure Diagnostics extension

  • cloud.azure.wad.waddirectories

  • cloud.azure.wad.wadperformancecounters

  • cloud.azure.wad.wadwindowseventlogs

More information

Azure Event Hub

  • cloud.azure.eh.events

  • cloud.azure.eh.metrics

More information

Azure Firewall

  • cloud.azure.firewall.application_rule

  • cloud.azure.firewall.network_rule

  • cloud.azure.firewall.dns_proxy

More information

Azure Front Door

  • cloud.azure.frontdoor.access

  • cloud.azure.frontdoor.waf

More information

Azure Host Pool

  • cloud.azure.hostpools

  • cloud.azure.hostpools.agenthealthstatus

  • cloud.azure.hostpools.checkpoint

  • cloud.azure.hostpools.connection

  • cloud.azure.hostpools.error

  • cloud.azure.hostpools.management

More information

Azure Key Vault

  • cloud.azure.keyvault.administrative

  • cloud.azure.keyvault.audit

  • cloud.azure.keyvault.policy

More information

Azure Kubernetes Service

  • cloud.azure.aks.cluster_autoscaler

  • cloud.azure.aks.guard

  • cloud.azure.aks.kube_apiserver

  • cloud.azure.aks.kube_audit

  • cloud.azure.aks.kube_audit_admin

  • cloud.azure.aks.kube_controller_manager

  • cloud.azure.aks.kube_scheduler

  • cloud.azure.aks.containerlog

More information

Azure Monitor

  • cloud.azure.monitor.alert

  • cloud.azure.monitor.audit

More information

Azure Monitor Metrics

  • cloud.azure.metrics.metricsBlobLog

  • cloud.azure.metrics.metricsCapacityBlob

  • cloud.azure.metrics.metricsTableLog

  • cloud.azure.metrics.metricsTransactionsBlob

  • cloud.azure.metrics.metricsTransactionsQueue

  • cloud.azure.metrics.metricsTransactionsTable

More information

Azure Monitor Metrics: other metrics

  • cloud.azure.others.administrative

  • cloud.azure.others.autoscale

  • cloud.azure.others.events

  • cloud.azure.others.policy

  • cloud.azure.others.recommendation

  • cloud.azure.others.resourcehealth

More information

Azure Network Security

  • cloud.azure.sec.nsg

  • cloud.azure.sec.rms

More information

Azure Security Center

  • cloud.azure.securitycenter.security

More information

Azure Service Bus

  • cloud.azure.servicebus.metrics

  • cloud.azure.servicebus.operational

More information

Azure Site Recovery

  • cloud.azure.siterecovery.addon_backup_jobs

  • cloud.azure.siterecovery.addon_backup_policy

  • cloud.azure.siterecovery.addon_backup_protected_inst

  • cloud.azure.siterecovery.addon_backup_storage

  • cloud.azure.siterecovery.backup_report

  • cloud.azure.siterecovery.core_backup

  • cloud.azure.siterecovery.net_sec_group_event

  • cloud.azure.siterecovery.net_sec_group_rule_counter

  • cloud.azure.siterecovery.site_rec_recovery_points

  • cloud.azure.siterecovery.site_rec_rep_stats

  • cloud.azure.siterecovery.site_rec_replicated_items

More information

Azure SQL Database

  • cloud.azure.sql.automatic_tuning

  • cloud.azure.sql.resourceusagestats

  • cloud.azure.sql.securityauditevents

  • cloud.azure.sql.query_store_runtime

More information

Azure Storage Server

  • cloud.azure.storage.administrative

More information

Azure Virtual Machines

  • cloud.azure.vm.administrative

  • cloud.azure.vm.metrics_simple

  • cloud.azure.vm.policy

  • cloud.azure.vm.resourcehealth

  • cloud.azure.vm.securityevent

More information

Azure Virtual Machine Scale Sets

  • cloud.azure.vmscalesets.administrative

  • cloud.azure.vmscalesets.autoscale

  • cloud.azure.vmscalesets.policy

  • cloud.azure.vmscalesets.resourcehealth

More information

Alibaba cloud

  • cloud.alibaba.actiontrail.events

  • cloud.alibaba.log_service.events

More information

Box cloud content management

  • cloud.box.events

More information

Cloudflare

  • cloud.cloudflare.logpush.<eventType> 

  • cloud.cloudflare.logpush.http

More information

Cloud Foundry application

  • cloud.cloud_foundry.application

  • cloud.cloud_foundry.uaa

  • cloud.cloud_foundry.credhub

  • cloud.cloud_foundry.bosh

More information

Google Cloud

  • cloud.gcp.scc.event_threat

More information

Google Worskpace

  • cloud.gsuite.alerts.activity_rule

  • cloud.gsuite.alerts.appmaker_default_cloud_sql_setup

  • cloud.gsuite.alerts.customer_takeout_initiated

  • cloud.gsuite.alerts.data_loss_prevention

  • cloud.gsuite.alerts.device_compromised

  • cloud.gsuite.alerts.google_operations

  • cloud.gsuite.alerts.government_attack_warning

  • cloud.gsuite.alerts.leaked_password

  • cloud.gsuite.alerts.malware_reclassification

  • cloud.gsuite.alerts.misconfigured_whitelist

  • cloud.gsuite.alerts.phising_reclassification

  • cloud.gsuite.alerts.suspicious_message_reported

  • cloud.gsuite.alerts.suspicious_login

  • cloud.gsuite.alerts.suspicious_login_less_secure_app

  • cloud.gsuite.alerts.suspicious_programmatic_login

  • cloud.gsuite.alerts.suspended_spam_through_relay

  • cloud.gsuite.alerts.suspended_suspicious_activity

  • cloud.gsuite.alerts.suspicious_activity

  • cloud.gsuite.alerts.super_admin_password_reset

  • cloud.gsuite.alerts.user_reported_phising

  • cloud.gsuite.alerts.user_reported_spam_spike

  • cloud.gsuite.alerts.user_suspended

  • cloud.gsuite.alerts.user_suspended.user_suspended_spam

  • cloud.gsuite.reports.generic

  • cloud.gsuite.reports

  • cloud.gsuite.reports.access_transparency

  • cloud.gsuite.reports.admin

  • cloud.gsuite.reports.calendar

  • cloud.gsuite.reports.chat

  • cloud.gsuite.reports.data_studio

  • cloud.gsuite.reports.drive

  • cloud.gsuite.reports.gcp

  • cloud.gsuite.reports.groups

  • cloud.gsuite.reports.gplus

  • cloud.gsuite.reports.jamboard

  • cloud.gsuite.reports.login

  • cloud.gsuite.reports.meet

  • cloud.gsuite.reports.mobile

  • cloud.gsuite.reports.rules

  • cloud.gsuite.reports.saml

  • cloud.gsuite.reports.token

  • cloud.gsuite.reports.user_accounts

More information

Cisco Meraki

  • cloud.meraki.api.changelog

More information

Netskope cloud

  • cloud.netskope.events

Microsoft Office 365 (hosted on Azure)

  • cloud.office365.exchange

  • cloud.office365.management

  • cloud.office365.messagetracing

More information

  • cloud.office365.siem_agent_event

  • cloud.office365.siem_agent_alert

More information

Rubrik cloud data management

  • cloud.rubrik.events

VMware Tanzu Operations Manager

  • cloud.vmware_tanmzu.opsmanager.audit

More information