vpc.aws

Introduction

The tags beginning with vpc.aws identify events generated by Amazon Web Services.

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as vpc.aws. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Tags | Data tables |
|---|---|
| vpc.aws.flow | vpc.aws.flow |

For more information, read About Devo tags.

Table structure

These are the fields displayed in this table:

vpc.aws.flow

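| Field | Type | Source field name | Extra fields |
|---|---|---|---|
| eventdate | timestamp | | |
| version | int4 | | |
| accountId | str | | |
| interface_id | str | | |
| srcaddr | ip4 | | |
| dstaddr | ip4 | | |
| srcport | int8 | | |
| dstport | int8 | | |
| protocol | int4 | | |
| packets | int4 | | |
| bytes | int8 | | |
| start_date | timestamp | | |
| end_date | timestamp | | |
| action | str | | |
| log_status | str | | |
| vpc_id | str | | |
| subnet_id | str | | |
| instance_id | str | | |
| tcp_flags | str | | |
| type | str | | |
| pkt_srcaddr | ip4 | | |
| pkt_dstaddr | ip4 | | |
| region | str | | |
| az_id | str | | |
| sublocation_type | str | | |
| sublocation_id | str | | |
| pkt_src_aws_service | str | | |
| pkt_dst_aws_service | str | | |
| flow_direction | str | | |
| traffic_path | str | | |
| rawMessage | str | rawSource | ✓ |
| hostchain | str | | ✓ |
| tag | str | | ✓ |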