Cloud

This group includes tags that start with the level cloud. These tags identify data generated by Cloud services.

Company	Product / Service	Data tables

Company	Product / Service	Data tables

AWS CloudTrail

AWS CloudWatch

AWS Simple Queue Service (SQS)

AWS Web Application Firewall (WAF)

cloud.aws.cloudtrail.access_analyzer
cloud.aws.cloudtrail.acm
cloud.aws.cloudtrail.acm_pca
cloud.aws.cloudtrail.amazonmq
cloud.aws.cloudtrail.apigateway
cloud.aws.cloudtrail.appmesh
cloud.aws.cloudtrail.appstream
cloud.aws.cloudtrail.appsync
cloud.aws.cloudtrail.athena
cloud.aws.cloudtrail.backup
cloud.aws.cloudtrail.batch
cloud.aws.cloudtrail.billingconsole
cloud.aws.cloudtrail.budgets
cloud.aws.cloudtrail.cloudsearch
cloud.aws.cloudtrail.cloudshell
cloud.aws.cloudtrail.codeartifact
cloud.aws.cloudtrail.codebuild
cloud.aws.cloudtrail.codecommit
cloud.aws.cloudtrail.codedeploy
cloud.aws.cloudtrail.codepipeline
cloud.aws.cloudtrail.cognito_identify
cloud.aws.cloudtrail.cognito_idp
cloud.aws.cloudtrail.comprehend
cloud.aws.cloudtrail.config
cloud.aws.cloudtrail.datapipeline
cloud.aws.cloudtrail.dax
cloud.aws.cloudtrail.digest_logfile
cloud.aws.cloudtrail.digest_meta
cloud.aws.cloudtrail.directconnect
cloud.aws.cloudtrail.dms
cloud.aws.cloudtrail.ds
cloud.aws.cloudtrail.ecr_public
cloud.aws.cloudtrail.ecs
cloud.aws.cloudtrail.elasticache
cloud.aws.cloudtrail.elasticbeanstalk
cloud.aws.cloudtrail.elastictranscoder
cloud.aws.cloudtrail.es
cloud.aws.cloudtrail.firehose
cloud.aws.cloudtrail.fsx
cloud.aws.cloudtrail.glacier
cloud.aws.cloudtrail.glue
cloud.aws.cloudtrail.guardduty
cloud.aws.cloudtrail.identifystore
cloud.aws.cloudtrail.kafka
cloud.aws.cloudtrail.kinesisanalytics
cloud.aws.cloudtrail.kinesisvideo
cloud.aws.cloudtrail.lakeformation
cloud.aws.cloudtrail.license_manager
cloud.aws.cloudtrail.lightsail
cloud.aws.cloudtrail.mediaconnect
cloud.aws.cloudtrail.mediaconvert
cloud.aws.cloudtrail.mediapackage
cloud.aws.cloudtrail.mediastore
cloud.aws.cloudtrail.mediatailor
cloud.aws.cloudtrail.network_firewall
cloud.aws.cloudtrail.opsworks
cloud.aws.cloudtrail.opsworks_cm
cloud.aws.cloudtrail.pi
cloud.aws.cloudtrail.pricelist
cloud.aws.cloudtrail.ram
cloud.aws.cloudtrail.rekognition
cloud.aws.cloudtrail.route53domains
cloud.aws.cloudtrail.route53resolver
cloud.aws.cloudtrail.sagemaker
cloud.aws.cloudtrail.savingsplans
cloud.aws.cloudtrail.schemas
cloud.aws.cloudtrail.securityhub
cloud.aws.cloudtrail.servicecatalog
cloud.aws.cloudtrail.servicecatalog_appregistry
cloud.aws.cloudtrail.servicediscovery
cloud.aws.cloudtrail.servicesquotas
cloud.aws.cloudtrail.shield
cloud.aws.cloudtrail.sms
cloud.aws.cloudtrail.soo_directory
cloud.aws.cloudtrail.ssm
cloud.aws.cloudtrail.states
cloud.aws.cloudtrail.storagegateway
cloud.aws.cloudtrail.support
cloud.aws.cloudtrail.swf
cloud.aws.cloudtrail.translate
cloud.aws.cloudtrail.trustedadvisor
cloud.aws.cloudtrail.waf
cloud.aws.cloudtrail.waf_regional
cloud.aws.cloudtrail.wafv2
cloud.aws.cloudtrail.wellarchitected
cloud.aws.cloudtrail.workspaces
cloud.aws.cloudtrail.xray
More info about these parsers
cloud.aws.cloudwatch.events
More info about this parser
cloud.aws.sqs.audit
cloud.aws.waf.logs

Azure Active Directory

Azure Activity log

Azure App Service

Azure Application Gateway

Azure Container Registry

Azure Data Factory

Azure Database for PostgreSQL

Azure Diagnostics extension

Azure Event Hub

Azure Firewall

Azure Front Door

Azure Host Pool

Azure Key Vault

Azure Kubernetes Service

Azure Monitor

Azure Monitor Metrics

Azure Monitor Metrics: other metrics

Azure Network Security

Azure Security Center

Azure Service Bus

Azure Site Recovery

Azure SQL Database

Azure Storage Server

Azure Virtual Machines

Azure Virtual Machine Scale Sets

cloud.azure.ad.audit
cloud.azure.ad.managed_identity_signin
cloud.azure.ad.noninteractive_user_signin
cloud.azure.ad.provisioning
cloud.azure.ad.risky_users
cloud.azure.ad.service_principal_signin
cloud.azure.ad.signin
cloud.azure.ad.user_risk_events
More info about these parsers
cloud.azure.activity.events
More info about these parsers
cloud.azure.appservice.administrative
cloud.azure.appservice.policy
More info about these parsers
cloud.azure.appgetaway.access_log
cloud.azure.appgetaway.administrative
cloud.azure.appgetaway.firewall_log
cloud.azure.appgetaway.policy
More info about these parsers
cloud.azure.contregistry.login
More info about these parsers
cloud.azure.datafactory.administrative
More info about these parsers
cloud.azure.postgresql.events
More info about these parsers
cloud.azure.wad.waddirectories
cloud.azure.wad.wadperformancecounters
cloud.azure.wad.wadwindowseventlogs

More info about these parsers

cloud.azure.eh.events
cloud.azure.eh.metrics

More info about these parsers

cloud.azure.firewall.application_rule
cloud.azure.firewall.network_rule
cloud.azure.firewall.dns_proxy

More info about these parsers

cloud.azure.frontdoor.access
cloud.azure.frontdoor.waf

More info about these parsers

cloud.azure.hostpools
cloud.azure.hostpools.agenthealthstatus
cloud.azure.hostpools.checkpoint
cloud.azure.hostpools.connection
cloud.azure.hostpools.error
cloud.azure.hostpools.management

More info about these parsers

cloud.azure.keyvault.administrative
cloud.azure.keyvault.audit
cloud.azure.keyvault.policy

More info about these parsers

cloud.azure.aks.cluster_autoscaler
cloud.azure.aks.guard
cloud.azure.aks.kube_apiserver
cloud.azure.aks.kube_audit
cloud.azure.aks.kube_audit_admin
cloud.azure.aks.kube_controller_manager
cloud.azure.aks.kube_scheduler

More info about these parsers

cloud.azure.monitor.alert
cloud.azure.monitor.audit

More info about these parsers

cloud.azure.metrics.metricsBlobLog
cloud.azure.metrics.metricsCapacityBlob
cloud.azure.metrics.metricsTableLog
cloud.azure.metrics.metricsTransactionsBlob
cloud.azure.metrics.metricsTransactionsQueue
cloud.azure.metrics.metricsTransactionsTable

More info about these parsers

cloud.azure.others.administrative
cloud.azure.others.autoscale
cloud.azure.others.events
cloud.azure.others.policy
cloud.azure.others.recommendation
cloud.azure.others.resourcehealth

More info about these parsers

cloud.azure.sec.nsg
cloud.azure.sec.rms

More info about these parsers

cloud.azure.securitycenter.security

More info about these parsers

cloud.azure.servicebus.metrics
cloud.azure.servicebus.operational

More info about these parsers

cloud.azure.siterecovery.addon_backup_jobs
cloud.azure.siterecovery.addon_backup_policy
cloud.azure.siterecovery.addon_backup_protected_inst
cloud.azure.siterecovery.addon_backup_storage
cloud.azure.siterecovery.backup_report
cloud.azure.siterecovery.core_backup
cloud.azure.siterecovery.net_sec_group_event
cloud.azure.siterecovery.net_sec_group_rule_counter
cloud.azure.siterecovery.site_rec_recovery_points
cloud.azure.siterecovery.site_rec_rep_stats
cloud.azure.siterecovery.site_rec_replicated_items

More info about these parsers

cloud.azure.sql.automatic_tuning
cloud.azure.sql.resourceusagestats
cloud.azure.sql.securityauditevents
cloud.azure.sql.query_store_runtime

More info about these parsers

cloud.azure.storage.administrative

More info about these parsers

cloud.azure.vm.administrative
cloud.azure.vm.metrics_simple
cloud.azure.vm.policy
cloud.azure.vm.resourcehealth

More info about these parsers

cloud.azure.vmscalesets.administrative
cloud.azure.vmscalesets.autoscale
cloud.azure.vmscalesets.policy
cloud.azure.vmscalesets.resourcehealth

More info about these parsers

Box cloud content management

cloud.box.events

More info about these parsers

Cloudflare

cloud.cloudflare.logpush.<eventType>
cloud.cloudflare.logpush.http

More info about these parsers

Cloud Foundry application

cloud.cloud_foundry.application
cloud.cloud_foundry.uaa
cloud.cloud_foundry.credhub
cloud.cloud_foundry.bosh

More info about these parsers

Google Cloud

cloud.gcp.scc.event_threat

More info about these parsers

Cisco Meraki

cloud.meraki.api.changelog

More info about these parsers

Netskope cloud

cloud.netskope.events

Microsoft Office 365 (hosted on Azure)

Microsoft Office 365 Business event and alert logs

cloud.office365.exchange
cloud.office365.management
cloud.office365.messagetracing

More info about these parsers

cloud.office365.siem_agent_event
cloud.office365.siem_agent_alert

More info about these parsers

Rubrik cloud data management

cloud.rubrik.events

VMware Tanzu Operations Manager

cloud.vmware_tanmzu.opsmanager.audit

More info about these parsers