cloud.aws.vpc
- Juan Tomás Alonso Nieto (Deactivated)
Introduction
The tags beginning with cloud.aws.vpc identify events generated by Amazon VPC.
Valid tags and data tablesÂ
The full tag must have 4 levels. The first two are fixed as cloud.aws.vpc. The fourth level indicates the event subtype.
These are the valid tags and corresponding data tables that will receive the parsers' data:
Product / Service | Tags | Data tables |
|---|---|---|
Amazon VPC |
|
|
For more information, read more About Devo tags.
Table structure
These are the fields displayed in this table:
cloud.aws.vpc.flow
Field | Type | Source field name | Extra fields |
|---|---|---|---|
eventdate |
| Â | Â |
ACCID_TAG |
| ACCID | Â |
REGION_TAG |
| REGION | Â |
version |
| Â | Â |
accountId |
| Â | Â |
interface_id |
| Â | Â |
srcaddr |
| Â | Â |
dstaddr |
| Â | Â |
srcport |
| Â | Â |
dstport |
| Â | Â |
protocol |
| Â | Â |
packets |
| Â | Â |
bytes |
| Â | Â |
start_date |
| Â | Â |
end_date |
| Â | Â |
action |
| Â | Â |
log_status |
| Â | Â |
vpc_id |
| Â | Â |
subnet_id |
| Â | Â |
instance_id |
| Â | Â |
tcp_flags |
| Â | Â |
type |
| Â | Â |
pkt_srcaddr |
| Â | Â |
pkt_dstaddr |
| Â | Â |
region |
| Â | Â |
az_id |
| Â | Â |
sublocation_type |
| Â | Â |
sublocation_id |
| Â | Â |
pkt_src_aws_service |
| Â | Â |
pkt_dst_aws_service |
| Â | Â |
flow_direction |
| Â | Â |
traffic_path |
| Â | Â |
message |
| rawMessage | Â |
hostchain |
|  | ✓ |
tag |
|  | ✓ |
rawMessage |
| Â | v |