/
cloud.aws.configlogs
Document toolboxDocument toolbox

cloud.aws.configlogs

Owned by Juan Tomás Alonso Nieto (Deactivated), created
Last updated: May 22, 2023
2 min read
[ 1 Introduction ] [ 2 Valid tags and data tables  ] [ 3 Table structure ]

Introduction

The tags beginning with cloud.aws.configlogs identify events generated by AWS Config.

Valid tags and data tables 

The full tag must have 4 levels. The first 3 are fixed as cloud.aws.configlogs. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

AWS Config

cloud.aws.configlogs.events

cloud.aws.configlogs.events

For more information, read more About Devo tags.

Table structure

These are the fields displayed in this table:

Field

Type

Field transformation

Source field name

Extra fields

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

 

fileVersion

str

 

 

 

configurationItems_str

str

stringify(json(configurationItems))

configurationItems

 

configurationItemDiff_changedProperties_Relationships0_previousValue_resourceId

str

 

 

 

configurationItemDiff_changedProperties_Relationships0_previousValue_resourceType

str

 

 

 

configurationItemDiff_changedProperties_Relationships0_previousValue_name

str

 

 

 

configurationItemDiff_changedProperties_Relationships0_updatedValue_resourceId

str

 

 

 

configurationItemDiff_changedProperties_Relationships0_updatedValue_resourceType

str

 

 

 

configurationItemDiff_changedProperties_Relationships0_updatedValue_name

str

 

 

 

configurationItemDiff_changedProperties_Relationships0_changeType

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_previousValue_resourceId

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_previousValue_resourceType

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_previousValue_name

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_updatedValue_resourceId

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_updatedValue_resourceType

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_updatedValue_name

str

 

 

 

configurationItemDiff_changedProperties_Relationships1_changeType

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_previousValue_resourceId

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_previousValue_resourceType

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_previousValue_name

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_updatedValue_resourceId

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_updatedValue_resourceType

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_updatedValue_name

str

 

 

 

configurationItemDiff_changedProperties_Relationships2_changeType

str

 

 

 

configurationItemDiff_changeType

str

 

 

 

configurationItem_relatedEvents

str

 

 

 

configurationItem_relationships_resourceId_str

str

replace(replace(stringify(json(configurationItem_relationships_resourceId)), "[", ""), "]", "")

configurationItem_relationships_resourceId

 

configurationItem_relationships_resourceName_str

str

replace(replace(stringify(json(configurationItem_relationships_resourceName)), "[", ""), "]", "")

configurationItem_relationships_resourceName

 

configurationItem_relationships_resourceType_str

str

configurationItem_relationships_resourceType

 

configurationItem_relationships_name_str

str

configurationItem_relationships_name

 

configurationItem_configuration_description

str

 

 

 

configurationItem_configuration_groupName

str

 

 

 

configurationItem_configuration_ipPermissions_ipProtocol_str

str

configurationItem_configuration_ipPermissions_ipProtocol

 

configurationItem_configuration_ipPermissions_ipv6Ranges_str

str

configurationItem_configuration_ipPermissions_ipv6Ranges

 

configurationItem_configuration_ipPermissions_prefixListIds_str

str

configurationItem_configuration_ipPermissions_prefixListIds

 

configurationItem_configuration_ipPermissions_userIdGroupPairs_str

str

configurationItem_configuration_ipPermissions_userIdGroupPairs

 

configurationItem_configuration_ipPermissions_ipv4Ranges_str

str

configurationItem_configuration_ipPermissions_ipv4Ranges

 

configurationItem_configuration_ipPermissions_ipRanges_str

str

configurationItem_configuration_ipPermissions_ipRanges

 

configurationItem_configuration_ownerId

str

 

 

 

configurationItem_configuration_groupId

str

 

 

 

configurationItem_configuration_ipPermissionsEgress_ipProtocol_str

str

configurationItem_configuration_ipPermissionsEgress_ipProtocol

 

configurationItem_configuration_ipPermissionsEgress_ipv6Ranges_str

str

configurationItem_configuration_ipPermissionsEgress_ipv6Ranges

 

configurationItem_configuration_ipPermissionsEgress_prefixListIds_str

str

configurationItem_configuration_ipPermissionsEgress_prefixListIds

 

configurationItem_configuration_ipPermissionsEgress_userIdGroupPairs_str

str

configurationItem_configuration_ipPermissionsEgress_userIdGroupPairs

 

configurationItem_configuration_ipPermissionsEgress_ipv4Ranges_str

str

configurationItem_configuration_ipPermissionsEgress_ipv4Ranges

 

configurationItem_configuration_ipPermissionsEgress_ipRanges_str

str

configurationItem_configuration_ipPermissionsEgress_ipRanges

 

configurationItem_configuration_tags

str

 

 

 

configurationItem_configuration_vpcId

str

 

 

 

configurationItem_supplementaryConfiguration

str

 

 

 

configurationItem_supplementaryConfiguration__EnableTerminationProtection

bool

 

 

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_updateReplacePolicy_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_updateReplacePolicy

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_deletionPolicy_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_deletionPolicy

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_logicalResourceId_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_logicalResourceId

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_physicalResourceId_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_physicalResourceId

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceType_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceType

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_lastUpdatedTimestamp_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_lastUpdatedTimestamp

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceStatus_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_resourceStatus

 

configurationItem_supplementaryConfiguration_StackResourceSummaries_driftInformation_stackResourceDriftStatus_str

str

configurationItem_supplementaryConfiguration_StackResourceSummaries_driftInformation_stackResourceDriftStatus

 

supplementaryConfiguration_unsupportedResources

str

 

 

 

configurationItem_tags

str

 

 

 

configurationItem_configurationItemVersion

str

 

 

 

configurationItem_configurationItemCaptureTime

timestamp

 

 

 

configurationItem_configurationStateId

int8

 

 

 

configurationItem_awsAccountId

str

 

 

 

configurationItem_configurationItemStatus

str

 

 

 

configurationItem_resourceType

str

 

 

 

configurationItem_resourceId

str

 

 

 

configurationItem_resourceName

str

 

 

 

configurationItem_ARN

str

 

 

 

configurationItem_awsRegion

str

 

 

 

configurationItem_availabilityZone

str

 

 

 

configurationItem_configurationStateMd5Hash

str

 

 

 

configurationItem_resourceCreationTime

timestamp

 

 

 

configurationItem_fileVersion

str

 

 

 

configurationItem_configSnapshotId

str

 

 

 

configurationItem_eventTimestamp

timestamp

 

 

 

configurationItem_configuration_stackId

str

 

 

 

configurationItem_configuration_stackName

str

 

 

 

configurationItem_configuration_creationTime

str

configurationItem_configuration_creationTime_tmp

 

configurationItem_configuration_lastUpdatedTime

str

 

 

 

configurationItem_configuration_stackStatus

str

 

 

 

configurationItem_configuration_disableRollback

bool

 

 

 

configurationItem_configuration_notificationARNs_str

str

configurationItem_configuration_notificationARNs

 

configurationItem_configuration_capabilities_str

str

configurationItem_configuration_capabilities

 

configurationItem_configuration_outputs_str

str

configurationItem_configuration_outputs

 

configurationItem_configuration_driftInformation_stackDriftStatus

str

 

 

 

notificationCreationTime

timestamp

 

 

 

messageType

str

 

 

 

recordVersion

str

 

 

 

`timestamp`

timestamp

 

configurationItem_configurationItemCaptureTime

 

ACCID

str

 

 

 

REGION

str

 

 

 

hostchain

str

 

 

tag

str

 

 

rawMessage

str

 

 

Related content

cloud.aws.guardduty
cloud.aws.guardduty
Devo latest
More like this
cloud.aws.cloudflare
cloud.aws.cloudflare
Devo latest
More like this
web.aws
web.aws
Devo latest
More like this
cloud.aws.cloudtrail
cloud.aws.cloudtrail
Devo latest
More like this
cloud.aws.cloudfront
cloud.aws.cloudfront
Devo latest
More like this
cloud.aws.security_lake
cloud.aws.security_lake
Devo latest
More like this