cloud.aws.cloudtrail

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ]

Introduction

The tags beginning with cloud.aws.cloudtrail identify events generated by AWS CloudTrail.

Valid tags and data tables

The full tag must have 4 levels. The first 3 are fixed as cloud.aws.cloudtrail. The fourth level identifies the subtype of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data table

For more information, read more About Devo tags.

How is the data sent to Devo?

Download your Devo domain certificate files

Log into the Devo web application, go to Administration → Credentials → X.509 Certificates and download the X.509 Certificate and Private Key. These will be used later.

Learn more about Devo security credentials in this section.

Set up the CloudTrail trail

Log into your AWS Console, go to CloudTrail → Trails. Click Create trail.
Enter a Name for the new trail like awsMonitoring. Choose Yes for Apply trail to all regions.
Under Management events, choose All for Read/Write events.
Under Data events - S3, select the Select all S3 buckets in your account checkbox. Do nothing in the Lambda tab.
Under Storage location, choose Yes for Create a new S3 bucket and enter a name for the new bucket. We suggest cloudtrail-aws-monitoring. You can accept the default values in the Advanced settings.
Click Create.

Forwarding the events

After setting up your CloudTrail trail, you can start forwarding your events using either Node.js or Python:

Product / Service	Tags	Data table
AWS CloudTrail	`cloud.aws.cloudtrail`	`cloud.aws.cloudtrail`
	`cloud.aws.cloudtrail.access_analyzer`	`cloud.aws.cloudtrail.access_analyzer`
	`cloud.aws.cloudtrail.acm`	`cloud.aws.cloudtrail.acm`
	`cloud.aws.cloudtrail.acm_pca`	`cloud.aws.cloudtrail.acm_pca`
	`cloud.aws.cloudtrail.amazonmq`	`cloud.aws.cloudtrail.amazonmq`
	`cloud.aws.cloudtrail.apigateway`	`cloud.aws.cloudtrail.apigateway`
	`cloud.aws.cloudtrail.appmesh`	`cloud.aws.cloudtrail.appmesh`
	`cloud.aws.cloudtrail.appstream`	`cloud.aws.cloudtrail.appstream`
	`cloud.aws.cloudtrail.appsync`	`cloud.aws.cloudtrail.appsync`
	`cloud.aws.cloudtrail.athena`	`cloud.aws.cloudtrail.athena`
	`cloud.aws.cloudtrail.audit`	`cloud.aws.cloudtrail.audit`
	`cloud.aws.cloudtrail.autoscaling`	`cloud.aws.cloudtrail.autoscaling`
	`cloud.aws.cloudtrail.backup`	`cloud.aws.cloudtrail.backup`
	`cloud.aws.cloudtrail.batch`	`cloud.aws.cloudtrail.batch`
	`cloud.aws.cloudtrail.billingconsole`	`cloud.aws.cloudtrail.billingconsole`
	`cloud.aws.cloudtrail.budgets`	`cloud.aws.cloudtrail.budgets`
	`cloud.aws.cloudtrail.ce`	`cloud.aws.cloudtrail.ce`
	`cloud.aws.cloudtrail.cloudformation`	`cloud.aws.cloudtrail.cloudformation`
	`cloud.aws.cloudtrail.cloudfront`	`cloud.aws.cloudtrail.cloudfront`
	`cloud.aws.cloudtrail.cloudhsm`	`cloud.aws.cloudtrail.cloudhsm`
	`cloud.aws.cloudtrail.cloudsearch`	`cloud.aws.cloudtrail.cloudsearch`
	`cloud.aws.cloudtrail.cloudshell`	`cloud.aws.cloudtrail.cloudshell`
	`cloud.aws.cloudtrail.cloudtrail`	`cloud.aws.cloudtrail.cloudtrail`
	`cloud.aws.cloudtrail.codeartifact`	`cloud.aws.cloudtrail.codeartifact`
	`cloud.aws.cloudtrail.codebuild`	`cloud.aws.cloudtrail.codebuild`
	`cloud.aws.cloudtrail.codecommit`	`cloud.aws.cloudtrail.codecommit`
	`cloud.aws.cloudtrail.codedeploy`	`cloud.aws.cloudtrail.codedeploy`
	`cloud.aws.cloudtrail.codepipeline`	`cloud.aws.cloudtrail.codepipeline`
	`cloud.aws.cloudtrail.cognito_identify`	`cloud.aws.cloudtrail.cognito_identify`
	`cloud.aws.cloudtrail.cognito_idp`	`cloud.aws.cloudtrail.cognito_idp`
	`cloud.aws.cloudtrail.comprehend`	`cloud.aws.cloudtrail.comprehend`
	`cloud.aws.cloudtrail.config`	`cloud.aws.cloudtrail.config`
	`cloud.aws.cloudtrail.datapipeline`	`cloud.aws.cloudtrail.datapipeline`
	`cloud.aws.cloudtrail.dax`	`cloud.aws.cloudtrail.dax`
	`cloud.aws.cloudtrail.digest_logfile`	`cloud.aws.cloudtrail.digest_logfile`
	`cloud.aws.cloudtrail.digest_meta`	`cloud.aws.cloudtrail.digest_meta`
	`cloud.aws.cloudtrail.directconnect`	`cloud.aws.cloudtrail.directconnect`
	`cloud.aws.cloudtrail.dms`	`cloud.aws.cloudtrail.dms`
	`cloud.aws.cloudtrail.ds`	`cloud.aws.cloudtrail.ds`
	`cloud.aws.cloudtrail.dynamodb`	`cloud.aws.cloudtrail.dynamodb`
	`cloud.aws.cloudtrail.ec2`	`cloud.aws.cloudtrail.ec2`
	`cloud.aws.cloudtrail.ecr`	`cloud.aws.cloudtrail.ecr`
	`cloud.aws.cloudtrail.ecr_public`	`cloud.aws.cloudtrail.ecr_public`
	`cloud.aws.cloudtrail.ecs`	`cloud.aws.cloudtrail.ecs`
	`cloud.aws.cloudtrail.eks`	`cloud.aws.cloudtrail.eks`
	`cloud.aws.cloudtrail.elasticache`	`cloud.aws.cloudtrail.elasticache`
	`cloud.aws.cloudtrail.elasticacbeanstalk`	`cloud.aws.cloudtrail.elasticacbeanstalk`
	`cloud.aws.cloudtrail.elasticacloadbalancing`	`cloud.aws.cloudtrail.elasticacloadbalancing`
	`cloud.aws.cloudtrail.elasticmapreduce`	`cloud.aws.cloudtrail.elasticmapreduce`
	`cloud.aws.cloudtrail.elastictranscoder`	`cloud.aws.cloudtrail.elastictranscoder`
	`cloud.aws.cloudtrail.es`	`cloud.aws.cloudtrail.es`
	`cloud.aws.cloudtrail.events`	`cloud.aws.cloudtrail.events`
	`cloud.aws.cloudtrail.firehose`	`cloud.aws.cloudtrail.firehose`
	`cloud.aws.cloudtrail.fsx`	`cloud.aws.cloudtrail.fsx`
	`cloud.aws.cloudtrail.glacier`	`cloud.aws.cloudtrail.glacier`
	`cloud.aws.cloudtrail.glue`	`cloud.aws.cloudtrail.glue`
	`cloud.aws.cloudtrail.guardduty`	`cloud.aws.cloudtrail.guardduty`
	`cloud.aws.cloudtrail.health`	`cloud.aws.cloudtrail.health`
	`cloud.aws.cloudtrail.iam`	`cloud.aws.cloudtrail.iam`
	`cloud.aws.cloudtrail.identifystore`	`cloud.aws.cloudtrail.identifystore`
	`cloud.aws.cloudtrail.insights`	`cloud.aws.cloudtrail.insights`
	`cloud.aws.cloudtrail.inspector`	`cloud.aws.cloudtrail.inspector`
	`cloud.aws.cloudtrail.kafka`	`cloud.aws.cloudtrail.kafka`
	`cloud.aws.cloudtrail.kinesis`	`cloud.aws.cloudtrail.kinesis`
`cloud.aws.cloudtrail.kinesisanalytics`	`cloud.aws.cloudtrail.kinesisanalytics`
`cloud.aws.cloudtrail.kinesisvideo`	`cloud.aws.cloudtrail.kinesisvideo`
`cloud.aws.cloudtrail.kms`	`cloud.aws.cloudtrail.kms`
`cloud.aws.cloudtrail.lakeformation`	`cloud.aws.cloudtrail.lakeformation`
`cloud.aws.cloudtrail.lambda`	`cloud.aws.cloudtrail.lambda`
`cloud.aws.cloudtrail.license_manager`	`cloud.aws.cloudtrail.license_manager`
`cloud.aws.cloudtrail.lightsail`	`cloud.aws.cloudtrail.lightsail`
`cloud.aws.cloudtrail.logs`	`cloud.aws.cloudtrail.logs`
`cloud.aws.cloudtrail.mediaconnect`	`cloud.aws.cloudtrail.mediaconnect`
`cloud.aws.cloudtrail.mediaconvert`	`cloud.aws.cloudtrail.mediaconvert`
`cloud.aws.cloudtrail.mediapackage`	`cloud.aws.cloudtrail.mediapackage`
`cloud.aws.cloudtrail.mediastore`	`cloud.aws.cloudtrail.mediastore`
`cloud.aws.cloudtrail.mediatailor`	`cloud.aws.cloudtrail.mediatailor`
`cloud.aws.cloudtrail.monitoring`	`cloud.aws.cloudtrail.monitoring`
`cloud.aws.cloudtrail.network_firewall`	`cloud.aws.cloudtrail.network_firewall`
`cloud.aws.cloudtrail.opsworks`	`cloud.aws.cloudtrail.opsworks`
`cloud.aws.cloudtrail.opsworks_cm`	`cloud.aws.cloudtrail.opsworks_cm`
`cloud.aws.cloudtrail.optimizer`	`cloud.aws.cloudtrail.optimizer`
`cloud.aws.cloudtrail.organizations`	`cloud.aws.cloudtrail.organizations`
`cloud.aws.cloudtrail.pi`	`cloud.aws.cloudtrail.pi`
`cloud.aws.cloudtrail.pricelist`	`cloud.aws.cloudtrail.pricelist`
`cloud.aws.cloudtrail.ram`	`cloud.aws.cloudtrail.ram`
`cloud.aws.cloudtrail.rds`	`cloud.aws.cloudtrail.rds`
`cloud.aws.cloudtrail.redshift`	`cloud.aws.cloudtrail.redshift`
`cloud.aws.cloudtrail.rekognition`	`cloud.aws.cloudtrail.rekognition`
`cloud.aws.cloudtrail.resource_groups`	`cloud.aws.cloudtrail.resource_groups`
`cloud.aws.cloudtrail.route53`	`cloud.aws.cloudtrail.route53`
`cloud.aws.cloudtrail.route53domains`	`cloud.aws.cloudtrail.route53domains`
`cloud.aws.cloudtrail.route53resolver`	`cloud.aws.cloudtrail.route53resolver`
`cloud.aws.cloudtrail.s3`	`cloud.aws.cloudtrail.s3`
`cloud.aws.cloudtrail.sagemaker`	`cloud.aws.cloudtrail.sagemaker`
`cloud.aws.cloudtrail.savingsplans`	`cloud.aws.cloudtrail.savingsplans`
`cloud.aws.cloudtrail.schemas`	`cloud.aws.cloudtrail.schemas`
`cloud.aws.cloudtrail.secretsmanager`	`cloud.aws.cloudtrail.secretsmanager`
`cloud.aws.cloudtrail.securityhub`	`cloud.aws.cloudtrail.securityhub`
`cloud.aws.cloudtrail.servicecatalog`	`cloud.aws.cloudtrail.servicecatalog`
`cloud.aws.cloudtrail.servicecatalog_appregistry`	`cloud.aws.cloudtrail.servicecatalog_appregistry`
`cloud.aws.cloudtrail.servicediscovery`	`cloud.aws.cloudtrail.servicediscovery`
`cloud.aws.cloudtrail.servicesquotas`	`cloud.aws.cloudtrail.servicesquotas`
`cloud.aws.cloudtrail.ses`	`cloud.aws.cloudtrail.ses`
`cloud.aws.cloudtrail.shield`	`cloud.aws.cloudtrail.shield`
`cloud.aws.cloudtrail.signin`	`cloud.aws.cloudtrail.signin`
`cloud.aws.cloudtrail.sms`	`cloud.aws.cloudtrail.sms`
`cloud.aws.cloudtrail.soo_directory`	`cloud.aws.cloudtrail.soo_directory`
`cloud.aws.cloudtrail.ssm`	`cloud.aws.cloudtrail.ssm`
`cloud.aws.cloudtrail.sns`	`cloud.aws.cloudtrail.sns`
`cloud.aws.cloudtrail.soo_directory`	`cloud.aws.cloudtrail.soo_directory`
`cloud.aws.cloudtrail.sqs`	`cloud.aws.cloudtrail.sqs`
`cloud.aws.cloudtrail.ssm`	`cloud.aws.cloudtrail.ssm`
`cloud.aws.cloudtrail.states`	`cloud.aws.cloudtrail.states`
`cloud.aws.cloudtrail.storagegateway`	`cloud.aws.cloudtrail.storagegateway`
`cloud.aws.cloudtrail.sts`	`cloud.aws.cloudtrail.sts`
`cloud.aws.cloudtrail.support`	`cloud.aws.cloudtrail.support`
`cloud.aws.cloudtrail.swf`	`cloud.aws.cloudtrail.swf`
`cloud.aws.cloudtrail.tagging`	`cloud.aws.cloudtrail.tagging`
`cloud.aws.cloudtrail.translate`	`cloud.aws.cloudtrail.translate`
`cloud.aws.cloudtrail.trustedadvisor`	`cloud.aws.cloudtrail.trustedadvisor`
`cloud.aws.cloudtrail.waf`	`cloud.aws.cloudtrail.waf`
`cloud.aws.cloudtrail.waf_regional`	`cloud.aws.cloudtrail.waf_regional`
`cloud.aws.cloudtrail.wafv2`	`cloud.aws.cloudtrail.wafv2`
`cloud.aws.cloudtrail.wellarchitected`	`cloud.aws.cloudtrail.wellarchitected`
`cloud.aws.cloudtrail.workspaces`	`cloud.aws.cloudtrail.workspaces`
`cloud.aws.cloudtrail.xray`	`cloud.aws.cloudtrail.xray`