Cloud

This group includes tags whose first level is cloud. These tags identify data generated by cloud services.

Company Product / service Data tables

AWS CloudTrail

  • cloud.aws.cloudtrail.access_analyzer
  • cloud.aws.cloudtrail.acm
  • cloud.aws.cloudtrail.acm_pca
  • cloud.aws.cloudtrail.amazonmq
  • cloud.aws.cloudtrail.apigateway
  • cloud.aws.cloudtrail.appmesh
  • cloud.aws.cloudtrail.appstream
  • cloud.aws.cloudtrail.appsync
  • cloud.aws.cloudtrail.athena
  • cloud.aws.cloudtrail.backup
  • cloud.aws.cloudtrail.batch
  • cloud.aws.cloudtrail.billingconsole
  • cloud.aws.cloudtrail.budgets
  • cloud.aws.cloudtrail.cloudsearch
  • cloud.aws.cloudtrail.cloudshell
  • cloud.aws.cloudtrail.codeartifact
  • cloud.aws.cloudtrail.codebuild
  • cloud.aws.cloudtrail.codecommit
  • cloud.aws.cloudtrail.codedeploy
  • cloud.aws.cloudtrail.codepipeline
  • cloud.aws.cloudtrail.cognito_identify
  • cloud.aws.cloudtrail.cognito_idp
  • cloud.aws.cloudtrail.comprehend
  • cloud.aws.cloudtrail.config
  • cloud.aws.cloudtrail.datapipeline
  • cloud.aws.cloudtrail.dax
  • cloud.aws.cloudtrail.digest_logfile
  • cloud.aws.cloudtrail.digest_meta
  • cloud.aws.cloudtrail.directconnect
  • cloud.aws.cloudtrail.dms
  • cloud.aws.cloudtrail.ds
  • cloud.aws.cloudtrail.ecr_public
  • cloud.aws.cloudtrail.ecs
  • cloud.aws.cloudtrail.elasticache
  • cloud.aws.cloudtrail.elasticbeanstalk
  • cloud.aws.cloudtrail.elastictranscoder
  • cloud.aws.cloudtrail.es
  • cloud.aws.cloudtrail.firehose
  • cloud.aws.cloudtrail.fsx
  • cloud.aws.cloudtrail.glacier
  • cloud.aws.cloudtrail.glue
  • cloud.aws.cloudtrail.guardduty
  • cloud.aws.cloudtrail.identifystore
  • cloud.aws.cloudtrail.kafka
  • cloud.aws.cloudtrail.kinesisanalytics
  • cloud.aws.cloudtrail.kinesisvideo
  • cloud.aws.cloudtrail.lakeformation
  • cloud.aws.cloudtrail.license_manager
  • cloud.aws.cloudtrail.lightsail
  • cloud.aws.cloudtrail.mediaconnect
  • cloud.aws.cloudtrail.mediaconvert
  • cloud.aws.cloudtrail.mediapackage
  • cloud.aws.cloudtrail.mediastore
  • cloud.aws.cloudtrail.mediatailor
  • cloud.aws.cloudtrail.network_firewall
  • cloud.aws.cloudtrail.opsworks
  • cloud.aws.cloudtrail.opsworks_cm
  • cloud.aws.cloudtrail.pi
  • cloud.aws.cloudtrail.pricelist
  • cloud.aws.cloudtrail.ram
  • cloud.aws.cloudtrail.rekognition
  • cloud.aws.cloudtrail.route53domains
  • cloud.aws.cloudtrail.route53resolver
  • cloud.aws.cloudtrail.sagemaker
  • cloud.aws.cloudtrail.savingsplans
  • cloud.aws.cloudtrail.schemas
  • cloud.aws.cloudtrail.securityhub
  • cloud.aws.cloudtrail.servicecatalog
  • cloud.aws.cloudtrail.servicecatalog_appregistry
  • cloud.aws.cloudtrail.servicediscovery
  • cloud.aws.cloudtrail.servicesquotas
  • cloud.aws.cloudtrail.shield
  • cloud.aws.cloudtrail.sms
  • cloud.aws.cloudtrail.soo_directory
  • cloud.aws.cloudtrail.ssm
  • cloud.aws.cloudtrail.states
  • cloud.aws.cloudtrail.storagegateway
  • cloud.aws.cloudtrail.support
  • cloud.aws.cloudtrail.swf
  • cloud.aws.cloudtrail.translate
  • cloud.aws.cloudtrail.trustedadvisor
  • cloud.aws.cloudtrail.waf
  • cloud.aws.cloudtrail.waf_regional
  • cloud.aws.cloudtrail.wafv2
  • cloud.aws.cloudtrail.wellarchitected
  • cloud.aws.cloudtrail.workspaces
  • cloud.aws.cloudtrail.xray

Check more info about these parsers

AWS CloudWatch

  • cloud.aws.cloudwatch.events

Check more info about this parser

AWS Simple Queue Service (SQS)

  • cloud.aws.sqs.audit

AWS Web Application Firewall (WAF)

  • cloud.aws.waf.logs


Azure Active Directory

  • cloud.azure.ad.audit
  • cloud.azure.ad.managed_identity_signin
  • cloud.azure.ad.noninteractive_user_signin
  • cloud.azure.ad.provisioning
  • cloud.azure.ad.risky_users
  • cloud.azure.ad.service_principal_signin
  • cloud.azure.ad.signin
  • cloud.azure.ad.user_risk_events

Check more info about these parsers

Azure Activity log

  • cloud.azure.activity.events

Check more info about these parsers

Azure App Service
  • cloud.azure.appservice.administrative
  • cloud.azure.appservice.policy

Check more info about these parsers

Azure Application Gateway
  • cloud.azure.appgetaway.access_log
  • cloud.azure.appgetaway.administrative
  • cloud.azure.appgetaway.firewall_log
  • cloud.azure.appgetaway.policy

Check more info about these parsers

Azure Container Registry
  • cloud.azure.contregistry.login

Check more info about these parsers

Azure Data Factory
  • cloud.azure.datafactory.administrative

Check more info about these parsers

Azure Database for PostgreSQL
  • cloud.azure.postgresql.events

Check more info about these parsers

Azure Diagnostics extension

  • cloud.azure.wad.waddirectories
  • cloud.azure.wad.wadperformancecounters
  • cloud.azure.wad.wadwindowseventlogs

Check more info about these parsers

Azure Event Hub

Check more info about these parsers

Azure Firewall
  • cloud.azure.firewall.application_rule
  • cloud.azure.firewall.network_rule
  • cloud.azure.firewall.dns_proxy

Check more info about these parsers

Azure Front Door
  • cloud.azure.frontdoor.access
  • cloud.azure.frontdoor.waf

Check more info about these parsers

Azure Host Pool
  • cloud.azure.hostpools
  • cloud.azure.hostpools.agenthealthstatus
  • cloud.azure.hostpools.checkpoint
  • cloud.azure.hostpools.connection
  • cloud.azure.hostpools.error
  • cloud.azure.hostpools.management

Check more info about these parsers

Azure Key Vault
  • cloud.azure.keyvault.administrative
  • cloud.azure.keyvault.audit
  • cloud.azure.keyvault.policy

Check more info about these parsers

Azure Kubernetes Service
  • cloud.azure.aks.cluster_autoscaler
  • cloud.azure.aks.guard
  • cloud.azure.aks.kube_apiserver
  • cloud.azure.aks.kube_audit
  • cloud.azure.aks.kube_audit_admin
  • cloud.azure.aks.kube_controller_manager
  • cloud.azure.aks.kube_scheduler

Check more info about these parsers

Azure Monitor
  • cloud.azure.monitor.alert
  • cloud.azure.monitor.audit

Check more info about these parsers

Azure Monitor Metrics

  • cloud.azure.metrics.metricsBlobLog
  • cloud.azure.metrics.metricsCapacityBlob
  • cloud.azure.metrics.metricsTableLog
  • cloud.azure.metrics.metricsTransactionsBlob
  • cloud.azure.metrics.metricsTransactionsQueue
  • cloud.azure.metrics.metricsTransactionsTable

Check more info about these parsers

Azure Monitor Metrics: other metrics
  • cloud.azure.others.administrative
  • cloud.azure.others.autoscale
  • cloud.azure.others.events
  • cloud.azure.others.policy
  • cloud.azure.others.recommendation
  • cloud.azure.others.resourcehealth

Check more info about these parsers

Azure Network Security
  • cloud.azure.sec.nsg
  • cloud.azure.sec.rms

Check more info about these parsers

Azure Security Center

  • cloud.azure.securitycenter.security

Check more info about these parsers

Azure Service Bus
  • cloud.azure.servicebus.metrics
  • cloud.azure.servicebus.operational

Check more info about these parsers

Azure Site Recovery
  • cloud.azure.siterecovery.addon_backup_jobs
  • cloud.azure.siterecovery.addon_backup_policy
  • cloud.azure.siterecovery.addon_backup_protected_inst
  • cloud.azure.siterecovery.addon_backup_storage
  • cloud.azure.siterecovery.backup_report
  • cloud.azure.siterecovery.core_backup
  • cloud.azure.siterecovery.net_sec_group_event
  • cloud.azure.siterecovery.net_sec_group_rule_counter
  • cloud.azure.siterecovery.site_rec_recovery_points
  • cloud.azure.siterecovery.site_rec_rep_stats
  • cloud.azure.siterecovery.site_rec_replicated_items

Check more info about these parsers

Azure SQL Database
  • cloud.azure.sql.automatic_tuning
  • cloud.azure.sql.resourceusagestats
  • cloud.azure.sql.securityauditevents
  • cloud.azure.sql.query_store_runtime

Check more info about these parsers

Azure Storage Server
  • cloud.azure.storage.administrative

Check more info about these parsers

Azure Virtual Machines
  • cloud.azure.vm.administrative
  • cloud.azure.vm.metrics_simple
  • cloud.azure.vm.policy
  • cloud.azure.vm.resourcehealth

Check more info about these parsers

Azure Virtual Machine Scale Sets
  • cloud.azure.vmscalesets.administrative
  • cloud.azure.vmscalesets.autoscale
  • cloud.azure.vmscalesets.policy
  • cloud.azure.vmscalesets.resourcehealth

Check more info about these parsers

Box cloud content management

  • cloud.box.events

Check more info about these parsers

Cloudflare

  • cloud.cloudflare.logpush.<eventType> 
  • cloud.cloudflare.logpush.http

Check more info about these parsers

Cloud Foundry application

  • cloud.cloud_foundry.application
  • cloud.cloud_foundry.uaa
  • cloud.cloud_foundry.credhub
  • cloud.cloud_foundry.bosh

Check more info about these parsers

Google Cloud

  • cloud.gcp.scc.event_threat

Check more info about these parsers

Cisco Meraki

  • cloud.meraki.api.changelog

Check more info about these parsers

Netskope cloud

  • cloud.netskope.events

Microsoft Office 365 (hosted on Azure)

  • cloud.office365.exchange
  • cloud.office365.management
  • cloud.office365.messagetracing

Check more info about these parsers

Microsoft Office 365 Business event and alert logs

  • cloud.office365.siem_agent_event
  • cloud.office365.siem_agent_alert

Check more info about these parsers

Rubrik cloud data management

  • cloud.rubrik.events

VMware Tanzu Operations Manager

  • cloud.vmware_tanmzu.opsmanager.audit

Check more info about these parsers