cloud.aws.vpc
Introduction
The tags beginning with cloud.aws.vpc identify events generated by Amazon VPC.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed as cloud.aws.vpc. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
---|---|---|
Amazon VPC | | |
For more information, read About Devo tags.
Table structure
These are the fields displayed in this table:
cloud.aws.vpc.flow
Field | Type | Source field name | Extra fields |
---|---|---|---|
eventdate | | | |
ACCID_TAG | | ACCID | |
REGION_TAG | | REGION | |
version | | | |
accountId | | | |
interface_id | | | |
srcaddr | | | |
dstaddr | | | |
srcport | | | |
dstport | | | |
protocol | | | |
packets | | | |
bytes | | | |
start_date | | | |
end_date | | | |
action | | | |
log_status | | | |
vpc_id | | | |
subnet_id | | | |
instance_id | | | |
tcp_flags | | | |
type | | | |
pkt_srcaddr | | | |
pkt_dstaddr | | | |
region | | | |
az_id | | | |
sublocation_type | | | |
sublocation_id | | | |
pkt_src_aws_service | | | |
pkt_dst_aws_service | | | |
flow_direction | | | |
traffic_path | | | |
message | | rawMessage | |
hostchain | | | ✓ |
tag | | | ✓ |
rawMessage | | | ✓ |