cef0.amazon
- Juan Tomás Alonso Nieto (Unlicensed)
Owned by Juan Tomás Alonso Nieto (Unlicensed)
Introduction
The tables cef0.amazon.* identify events in CEF format generated by Amazon Web Service (AWS) services.
Tag structure
Events in CEF format don't have a specific tag structure, as explained in Technologies supported in CEF syslog format. They are always sent to a table with the structure cef0.deviceVendor.deviceProduct.
In this case, the valid data tables are:
| Tag | Data table |
|---|---|
| cef0.amazon.acm | cef0.amazon.acm |
| cef0.amazon.autoscaling | cef0.amazon.autoscaling |
| cef0.amazon.applicationInsights | cef0.amazon.applicationInsights |
| cef0.amazon.appstream | cef0.amazon.appstream |
| cef0.amazon.aws | cef0.amazon.aws |
| cef0.amazon.backup | cef0.amazon.backup |
| cef0.amazon.ce | cef0.amazon.ce |
| cef0.amazon.clouddirectory | cef0.amazon.clouddirectory |
| cef0.amazon.cloudhsm | cef0.amazon.cloudhsm |
| cef0.amazon.cloudtrail | cef0.amazon.cloudtrail |
| cef0.amazon.codecommit | cef0.amazon.codecommit |
| cef0.amazon.codepipeline | cef0.amazon.codepipeline |
| cef0.amazon.cognitoIdp | cef0.amazon.cognitoIdp |
| cef0.amazon.computeOptimizer | cef0.amazon.computeOptimizer |
| cef0.amazon.config | cef0.amazon.config |
| cef0.amazon.datapipeline | cef0.amazon.datapipeline |
| cef0.amazon.directconnect | cef0.amazon.directconnect |
| cef0.amazon.ds | cef0.amazon.ds |
| cef0.amazon.dynamodb | cef0.amazon.dynamodb |
| cef0.amazon.ec2 | cef0.amazon.ec2 |
| cef0.amazon.ecr | cef0.amazon.ecr |
| cef0.amazon.ecs | cef0.amazon.ecs |
| cef0.amazon.elasticache | cef0.amazon.elasticache |
| cef0.amazon.elasticbeanstalk | cef0.amazon.elasticbeanstalk |
| cef0.amazon.elasticfilesystem | cef0.amazon.elasticfilesystem |
| cef0.amazon.elasticloadbalancing | cef0.amazon.elasticloadbalancing |
| cef0.amazon.elasticmapreduce | cef0.amazon.elasticmapreduce |
| cef0.amazon.eks | cef0.amazon.eks |
| cef0.amazon.es | cef0.amazon.es |
| cef0.amazon.forecast | cef0.amazon.forecast |
| cef0.amazon.forecast | cef0.amazon.forecast |
| cef0.amazon.gamelift | cef0.amazon.gamelift |
| cef0.amazon.glacier | cef0.amazon.glacier |
| cef0.amazon.guardduty | cef0.amazon.guardduty |
| cef0.amazon.health | cef0.amazon.health |
| cef0.amazon.iam | cef0.amazon.iam |
| cef0.amazon.iot | cef0.amazon.iot |
| cef0.amazon.kinesis | cef0.amazon.kinesis |
| cef0.amazon.kinesisanalytics | cef0.amazon.kinesisanalytics |
| cef0.amazon.kms | cef0.amazon.kms |
| cef0.amazon.lambda | cef0.amazon.lambda |
| cef0.amazon.logs | cef0.amazon.logs |
| cef0.amazon.migrationhub | cef0.amazon.migrationhub |
| cef0.amazon.monitoring | cef0.amazon.monitoring |
| cef0.amazon.organizations | cef0.amazon.organizations |
| cef0.amazon.pricelist | cef0.amazon.pricelist |
| cef0.amazon.quicksight | cef0.amazon.quicksight |
| cef0.amazon.ram | cef0.amazon.ram |
| cef0.amazon.rds | cef0.amazon.rds |
| cef0.amazon.redshift | cef0.amazon.redshift |
| cef0.amazon.resourceGroups | cef0.amazon.resourceGroups |
| cef0.amazon.route53 | cef0.amazon.route53 |
| cef0.amazon.s3 | cef0.amazon.s3 |
| cef0.amazon.sagemaker | cef0.amazon.sagemaker |
| cef0.amazon.sbd | cef0.amazon.sbd |
| cef0.amazon.secretsmanager | cef0.amazon.secretsmanager |
| cef0.amazon.securityhub | cef0.amazon.securityhub |
| cef0.amazon.servicediscovery | cef0.amazon.servicediscovery |
| cef0.amazon.ses | cef0.amazon.ses |
| cef0.amazon.sns | cef0.amazon.sns |
| cef0.amazon.ssm | cef0.amazon.ssm |
| cef0.amazon.storagegateway | cef0.amazon.storagegateway |
| cef0.amazon.sts | cef0.amazon.sts |
| cef0.amazon.swf | cef0.amazon.swf |
| cef0.amazon.tagging | cef0.amazon.tagging |
| cef0.amazon.trustedAdvisor | cef0.amazon.trustedAdvisor |
| cef0.amazon.workdocs | cef0.amazon.workdocs |
| cef0.amazon.workspaces | cef0.amazon.workspaces |
| cef0.amazon.servicequotas | cef0.amazon.servicequotas |
| cef0.amazon.dms | cef0.amazon.dms |
| cef0.amazon.billingconsole | cef0.amazon.billingconsole |
| cef0.amazon.route53resolver | cef0.amazon.route53resolver |
| cef0.amazon.firehose | cef0.amazon.firehose |
| cef0.amazon.licenseManager | cef0.amazon.licenseManager |
| cef0.amazon.accessAnalyzer | cef0.amazon.accessAnalyzer |
| cef0.amazon.dax | cef0.amazon.dax |
| cef0.amazon.dataexchange | cef0.amazon.dataexchange |
| cef0.amazon.codedeploy | cef0.amazon.codedeploy |
| cef0.amazon.wellarchitected | cef0.amazon.wellarchitected |
| cef0.amazon.fsx | cef0.amazon.fsx |
| cef0.amazon.sms | cef0.amazon.sms |
| cef0.amazon.discovery | cef0.amazon.discovery |
| cef0.amazon.pi | cef0.amazon.pi |
| cef0.amazon.redshiftData | cef0.amazon.redshiftData |
| cef0.amazon.ec2InstanceConnect | cef0.amazon.ec2InstanceConnect |
| cef0.amazon.events | cef0.amazon.events |
| cef0.amazon.mgn | cef0.amazon.mgn |
| cef0.amazon.greengrass | cef0.amazon.greengrass |
| cef0.amazon.outposts | cef0.amazon.outposts |
| cef0.amazon.xray | cef0.amazon.xray |
| cef0.amazon.cognitoIdentity | cef0.amazon.cognitoIdentity |
| cef0.amazon.robomaker | cef0.amazon.robomaker |
| cef0.amazon.databrew | cef0.amazon.databrew |
| cef0.amazon.macie2 | cef0.amazon.macie2 |
| cef0.amazon.networkFirewall | cef0.amazon.networkFirewall |
| cef0.amazon.networkmanager | cef0.amazon.networkmanager |
| cef0.amazon.savingsplans | cef0.amazon.savingsplans |
| cef0.amazon.glue | cef0.amazon.glue |
| cef0.amazon.states | cef0.amazon.states |
| cef0.amazon.amazonmq | cef0.amazon.amazonmq |
| cef0.amazon.appconfig | cef0.amazon.appconfig |
| cef0.amazon.comprehend | cef0.amazon.comprehend |
| cef0.amazon.dlm | cef0.amazon.dlm |
| cef0.amazon.globalaccelerator | cef0.amazon.globalaccelerator |
| cef0.amazon.iotevents | cef0.amazon.iotevents |
| cef0.amazon.waf | cef0.amazon.waf |
| cef0.amazon.wafRegional | cef0.amazon.wafRegional |
| cef0.amazon.wafv2 | cef0.amazon.wafv2 |
| cef0.amazon.cloud9 | cef0.amazon.cloud9 |
| cef0.amazon.codebuild | cef0.amazon.codebuild |
| cef0.amazon.codeguruReviewer | cef0.amazon.codeguruReviewer |
| cef0.amazon.emrContainers | cef0.amazon.emrContainers |
| cef0.amazon.iotanalytics | cef0.amazon.iotanalytics |
| cef0.amazon.kafka | cef0.amazon.kafka |
| cef0.amazon.opsworks | cef0.amazon.opsworks |
| cef0.amazon.qldb | cef0.amazon.qldb |
| cef0.amazon.sqs | cef0.amazon.sqs |
| cef0.amazon.synthetics | cef0.amazon.synthetics |
| cef0.amazon.profile | cef0.amazon.profile |
| cef0.amazon.route53domains | cef0.amazon.route53domains |
| cef0.amazon.serverlessrepo | cef0.amazon.serverlessrepo |
| cef0.amazon.shield | cef0.amazon.shield |
| cef0.amazon.lightsail | cef0.amazon.lightsail |
| cef0.amazon.imagebuilder | cef0.amazon.imagebuilder |
| cef0.amazon.groundstation | cef0.amazon.groundstation |
| cef0.amazon.frauddetector | cef0.amazon.frauddetector |
| cef0.amazon.fms | cef0.amazon.fms |
How is the data sent to Devo?
Learn more about CEF syslog format and how Devo tags these events in Technologies supported in CEF syslog format.
Log samples
The following are sample logs sent to some of the cef0.amazon tables. Find how the information will be parsed in your data table under each sample log.
Extra columns
Fields marked as Extra in the table below are not shown by default in data tables and need to be explicitly requested in the query. You can find them marked as Extra when you perform a query so they can be easily identified. Learn more about this in Selecting unrevealed columns.