cloud.aws.cloudtrail

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ]

Introduction

The tags beginning with cloud.aws.cloudtrail identify events generated by AWS Cloudtrail.

Valid tags and data tables

The full tag must have 5 levels. The first three are fixed as cloud.aws.cloudtrail. The fourth level identifies the subtype of events sent, and the fourth level indicates the aws-accountId. The fifth tag is aws-region. Subtype is used to define the Devo table. The fourth and fifth tag will be stored as fields of the Devo table.

Below you will find the correspondence between the subtype and the Devo table name:

Technology	Brand	Type	Subtype

Technology

Brand

Type

Subtype

cloud

aws

cloudtrail

access_analyzer
acm
acm_pca
amazonmq
apigateway
appmesh
appstream
appsync
athena
backup
batch
billingconsole
budgets
cloudhsm
cloudsearch
cloudshell
codeartifact
codebuild
codecommit
codedeploy
codepipeline
cognito_identify
cognito_idp
comprehend
config
datapipeline
dax
digest_logfile
digest_meta
directconnect
dms
ds
ecr_public
ecs
elasticache
elasticbeanstalk
elasticmapreduce
elastictranscoder
es
firehose
fsx
glacier
glue
guardduty
identifystore
kafka
kinesisanalytics
kinesisvideo
lakeformation
license_manager
lightsail
mediaconnect
mediaconvert
mediapackage
mediastore
mediatailor
network_firewall
opsworks
opsworks_cm
pi
pricelist
ram
rekognition
route53domains
route53resolver
sagemaker
savingsplans
schemas
securityhub
servicecatalog
servicecatalog_appregistry
servicediscovery
servicesquotas
shield
sms
soo_directory
ssm
states
storagegateway
support
swf
translate
trustedadvisor
waf
waf_regional
wafv2
wellarchitected
workspaces
xray

These are the valid tags and corresponding data tables that will receive the parsers' data:

Tag	Data table

How is the data sent to Devo?

Logs generated by AWS Cloudtrail must be sent to the Devo Platform via the Devo Cloud Collector to secure communication.

Tag	Data table
cloud.aws.cloudtrail.access_analyzer	cloud.aws.cloudtrail.access_analyzer
cloud.aws.cloudtrail.acm	cloud.aws.cloudtrail.acm
cloud.aws.cloudtrail.acm_pca	cloud.aws.cloudtrail.acm_pca
cloud.aws.cloudtrail.amazonmq	cloud.aws.cloudtrail.amazonmq
cloud.aws.cloudtrail.apigateway	cloud.aws.cloudtrail.apigateway
cloud.aws.cloudtrail.appmesh	cloud.aws.cloudtrail.appmesh
cloud.aws.cloudtrail.appstream	cloud.aws.cloudtrail.appstream
cloud.aws.cloudtrail.appsync	cloud.aws.cloudtrail.appsync
cloud.aws.cloudtrail.athena	cloud.aws.cloudtrail.athena
cloud.aws.cloudtrail.backup	cloud.aws.cloudtrail.backup
cloud.aws.cloudtrail.batch	cloud.aws.cloudtrail.batch
cloud.aws.cloudtrail.billingconsole	cloud.aws.cloudtrail.billingconsole
cloud.aws.cloudtrail.budgets	cloud.aws.cloudtrail.budgets
cloud.aws.cloudtrail.cloudhsm	cloud.aws.cloudtrail.cloudhsm
cloud.aws.cloudtrail.cloudsearch	cloud.aws.cloudtrail.cloudsearch
cloud.aws.cloudtrail.cloudshell	cloud.aws.cloudtrail.cloudshell
cloud.aws.cloudtrail.codeartifact	cloud.aws.cloudtrail.codeartifact
cloud.aws.cloudtrail.codebuild	cloud.aws.cloudtrail.codebuild
cloud.aws.cloudtrail.codecommit	cloud.aws.cloudtrail.codecommit
cloud.aws.cloudtrail.codedeploy	cloud.aws.cloudtrail.codedeploy
cloud.aws.cloudtrail.codepipeline	cloud.aws.cloudtrail.codepipeline
cloud.aws.cloudtrail.cognito_identify	cloud.aws.cloudtrail.cognito_identify
cloud.aws.cloudtrail.cognito_idp	cloud.aws.cloudtrail.cognito_idp
cloud.aws.cloudtrail.comprehend	cloud.aws.cloudtrail.comprehend
cloud.aws.cloudtrail.config	cloud.aws.cloudtrail.config
cloud.aws.cloudtrail.datapipeline	cloud.aws.cloudtrail.datapipeline
cloud.aws.cloudtrail.dax	cloud.aws.cloudtrail.dax
cloud.aws.cloudtrail.digest_logfile	cloud.aws.cloudtrail.digest_logfile
cloud.aws.cloudtrail.digest_meta	cloud.aws.cloudtrail.digest_meta
cloud.aws.cloudtrail.directconnect	cloud.aws.cloudtrail.directconnect
cloud.aws.cloudtrail.dms	cloud.aws.cloudtrail.dms
cloud.aws.cloudtrail.ds	cloud.aws.cloudtrail.ds
cloud.aws.cloudtrail.ecr_public	cloud.aws.cloudtrail.ecr_public
cloud.aws.cloudtrail.ecs	cloud.aws.cloudtrail.ecs
cloud.aws.cloudtrail.elasticache	cloud.aws.cloudtrail.elasticache
cloud.aws.cloudtrail.elasticbeanstalk	cloud.aws.cloudtrail.elasticbeanstalk
cloud.aws.cloudtrail.elasticmapreduce	cloud.aws.cloudtrail.elasticmapreduce
cloud.aws.cloudtrail.elastictranscoder	cloud.aws.cloudtrail.elastictranscoder
cloud.aws.cloudtrail.es	cloud.aws.cloudtrail.es
cloud.aws.cloudtrail.firehose	cloud.aws.cloudtrail.firehose
cloud.aws.cloudtrail.fsx	cloud.aws.cloudtrail.fsx
cloud.aws.cloudtrail.glacier	cloud.aws.cloudtrail.glacier
cloud.aws.cloudtrail.glue	cloud.aws.cloudtrail.glue
cloud.aws.cloudtrail.guardduty	cloud.aws.cloudtrail.guardduty
cloud.aws.cloudtrail.identifystore	cloud.aws.cloudtrail.identifystore
cloud.aws.cloudtrail.kafka	cloud.aws.cloudtrail.kafka
cloud.aws.cloudtrail.kinesisanalytics	cloud.aws.cloudtrail.kinesisanalytics
cloud.aws.cloudtrail.kinesisvideo	cloud.aws.cloudtrail.kinesisvideo
cloud.aws.cloudtrail.lakeformation	cloud.aws.cloudtrail.lakeformation
cloud.aws.cloudtrail.license_manager	cloud.aws.cloudtrail.license_manager
cloud.aws.cloudtrail.lightsail	cloud.aws.cloudtrail.lightsail
cloud.aws.cloudtrail.mediaconnect	cloud.aws.cloudtrail.mediaconnect
cloud.aws.cloudtrail.mediaconvert	cloud.aws.cloudtrail.mediaconvert
cloud.aws.cloudtrail.mediapackage	cloud.aws.cloudtrail.mediapackage
cloud.aws.cloudtrail.mediastore	cloud.aws.cloudtrail.mediastore
cloud.aws.cloudtrail.mediatailor	cloud.aws.cloudtrail.mediatailor
cloud.aws.cloudtrail.network_firewall	cloud.aws.cloudtrail.network_firewall
cloud.aws.cloudtrail.opsworks	cloud.aws.cloudtrail.opsworks
cloud.aws.cloudtrail.opsworks_cm	cloud.aws.cloudtrail.opsworks_cm
cloud.aws.cloudtrail.pi	cloud.aws.cloudtrail.pi
cloud.aws.cloudtrail.pricelist	cloud.aws.cloudtrail.pricelist
cloud.aws.cloudtrail.ram	cloud.aws.cloudtrail.ram
cloud.aws.cloudtrail.rekognition	cloud.aws.cloudtrail.rekognition
cloud.aws.cloudtrail.route53domains	cloud.aws.cloudtrail.route53domains
cloud.aws.cloudtrail.route53resolver	cloud.aws.cloudtrail.route53resolver
cloud.aws.cloudtrail.sagemaker	cloud.aws.cloudtrail.sagemaker
cloud.aws.cloudtrail.savingsplans	cloud.aws.cloudtrail.savingsplans
cloud.aws.cloudtrail.schemas	cloud.aws.cloudtrail.schemas
cloud.aws.cloudtrail.securityhub	cloud.aws.cloudtrail.securityhub
cloud.aws.cloudtrail.servicecatalog	cloud.aws.cloudtrail.servicecatalog
cloud.aws.cloudtrail.servicecatalog_appregistry	cloud.aws.cloudtrail.servicecatalog_appregistry
cloud.aws.cloudtrail.servicediscovery	cloud.aws.cloudtrail.servicediscovery
cloud.aws.cloudtrail.servicesquotas	cloud.aws.cloudtrail.servicesquotas
cloud.aws.cloudtrail.shield	cloud.aws.cloudtrail.shield
cloud.aws.cloudtrail.sms	cloud.aws.cloudtrail.sms
cloud.aws.cloudtrail.soo_directory	cloud.aws.cloudtrail.soo_directory
cloud.aws.cloudtrail.ssm	cloud.aws.cloudtrail.ssm
cloud.aws.cloudtrail.states	cloud.aws.cloudtrail.states
cloud.aws.cloudtrail.storagegateway	cloud.aws.cloudtrail.storagegateway
cloud.aws.cloudtrail.support	cloud.aws.cloudtrail.support
cloud.aws.cloudtrail.swf	cloud.aws.cloudtrail.swf
cloud.aws.cloudtrail.translate	cloud.aws.cloudtrail.translate
cloud.aws.cloudtrail.trustedadvisor	cloud.aws.cloudtrail.trustedadvisor
cloud.aws.cloudtrail.waf	cloud.aws.cloudtrail.waf
cloud.aws.cloudtrail.waf_regional	cloud.aws.cloudtrail.waf_regional
cloud.aws.cloudtrail.wafv2	cloud.aws.cloudtrail.wafv2
cloud.aws.cloudtrail.wellarchitected	cloud.aws.cloudtrail.wellarchitected
cloud.aws.cloudtrail.workspaces	cloud.aws.cloudtrail.workspaces
cloud.aws.cloudtrail.xray	cloud.aws.cloudtrail.xray