Field changes report

Latest versus Splunk_TA_aws 5.0.0

Summary

  • Sourcetypes with changes: 18
  • Total deleted fields: 18
  • Total modified fields: 57
  • Total new fields: 553

Detailed changes

aws:cloudfront:accesslogs

Field Deleted Modified New Is CIM
action
app
bytes
bytes_in
bytes_out
c_port
cached
category
cookie
cs_protocol_version
dest
duration
eventtype
fle_encrypted_fields
fle_status
http_content_type
http_method
http_referrer
http_referrer_domain
http_user_agent
http_user_agent_length
response_time
sc_content_len
sc_content_type
sc_range_end
sc_range_start
src
src_ip
src_port
status
tag
tag::eventtype
time_to_first_byte
uri_path
uri_query
url
url_domain
url_length
vendor_product
x_edge_detail_result_type

aws:cloudtrail

Field Deleted Modified New Is CIM
action
app
authentication_method
change_type
command
dest
dest_ip_range
dest_port_range
direction
eventtype
image_id
instance_type
object
object_attrs
object_category
object_id
object_path
protocol
protocol_code
reason
result
result_id
rule_action
signature
src_ip
src_ip_range
src_port_range
src_user
src_user_id
src_user_name
src_user_role
src_user_type
status
tag
tag::eventtype
temp_access_key
user
user_access_key
user_agent
user_arn
user_id
user_name
user_role
user_type
vendor_account
vendor_product
vendor_region

aws:cloudwatch

Field Deleted Modified New Is CIM
dest
mem_free
tag
tag::metric_name
vendor_product

aws:cloudwatch:guardduty

Field Deleted Modified New Is CIM
AWS__CloudTrail__Trail
AWS__IAM__Role
AWS__S3__Bucket
action
action_type
affectedResources
app
attacker_domain
aws_account_id
aws_az
aws_count
awsresource
body
category
ct_user
dest
dest_ip
dest_ip_internal
dest_name
dest_port
dest_type
dest_zone
detectorId
dvc
eventtype
findingId
findingType
finding_category
gd_details
gd_object
ids_type
instanceId
lat
lon
outbound_attacker_domain
raw_gd_type
resource_type
severity
severity_id
signature
signature_id
src
src_intrusion
src_ip
src_name
src_port
src_type
subject
tag
tag::eventtype
transport
type
user
userName
user_name
vendor_account
vendor_product
vendor_region

aws:cloudwatchlogs:guardduty

Field Deleted Modified New Is CIM
accountId
action
action_type
app
body
category
description
dest
dest_name
dest_port
dest_type
dvc
eventtype
findingType
finding_category
id
ids_type
instanceId
raw_gd_type
severity
severity_id
signature
signature_id
src
src_name
src_port
src_type
subject
tag
tag::eventtype
transport
type
user
user_name
vendor_account
vendor_product
vendor_region

aws:cloudwatchlogs:vpcflow

Field Deleted Modified New Is CIM
account_id
action
app
aws_account_id
az_id
bytes
dest
dest_ip
dest_port
duration
dvc
end_time
eventtype
flow_direction
instance_id
interface_id
log_status
packets
pkt_dst_aws_service
pkt_dstaddr
pkt_src_aws_service
pkt_srcaddr
protocol
protocol_code
protocol_full_name
protocol_version
region
src
src_ip
src_port
start_time
sublocation_id
sublocation_type
subnet_id
tag
tag::eventtype
tcp_flags
traffic_path
transport
type
user_id
vendor_account
vendor_product
version
vpc_id
vpcflow_action

aws:config

Field Deleted Modified New Is CIM
object_category
object_id
object_path
result
vendor_account
vendor_product

aws:config:notification

Field Deleted Modified New Is CIM
object_attrs
object_category
object_id
object_path
result
user
vendor_product

aws:config:rule

Field Deleted Modified New Is CIM
app
body
dest
severity
signature_id
tag
tag::eventtype
type
vendor_product

aws:description

Field Deleted Modified New Is CIM
cpu_cores
description
dns
enabled
eventtype
family
identity
image_name
mem_capacity
nt_host
snapshot
startDate
status
tag
tag::eventtype
time
type
user_id
user_name
vendor_account
vendor_region

aws:elb:accesslogs

Field Deleted Modified New Is CIM
ActionExecuted
ChosenCertArn
ClientPort
ClientSrcIP
ClientSrcPort
DomainName
ELB
ELBStatusCode
ErrorReason
MatchedRulePriority
ReceivedBytes
RedirectUrl
Request
RequestCreationTime
RequestProcessingTime
RequestTargetIP
RequestTargetPort
RequestType
ResponseProcessingTime
ResponseTime
SSLCipher
SSLProtocol
SentBytes
TargetGroupArn
TargetPort
TargetProcessingTime
TargetStatusCode
TraceId
UserAgent
action
app
bytes
bytes_in
bytes_out
category
dest
dest_port
elb_type
eventtype
http_method
http_user_agent
http_user_agent_length
response_time
src
src_ip
src_port
status
tag
tag::eventtype
url
url_length
vendor_product

aws:inspector

Field Deleted Modified New Is CIM
body
dest
severity_id
tag
tag::eventtype
vendor_account
vendor_product

aws:inspector:v2:findings

Field Deleted Modified New Is CIM
account_id
app
category
cve
cvss
dest
dest_type
dvc
eventtype
id
inspector_dvc
region
severity
severity_id
signature
signature_id
tag
tag::eventtype
type
url
vendor_account
vendor_product
vendor_region

aws:metadata

Field Deleted Modified New Is CIM
AccountId
Region
account_id
availability_zone
aws_account_id
cpu_cores
custom_tag
dns
enabled
eventtype
hypervisor_name
identity
image_id
ip
mem_capacity
nt_host
power_state
region
snapshot
startDate
status
storage_capacity
subnet_id
tag
tag::eventtype
time
user_id
user_name
vendor
vendor_account
vendor_product
vendor_region
virtual_network_id
virtual_subnet_id
vm_id
vm_os
vm_size
vpc_id

aws:s3

Field Deleted Modified New Is CIM
AuthType
BucketCreationTime
BucketName
BucketOwner
BytesSent
CipherSuite
ErrorCode
HTTPMethod
HTTPStatus
HostHeader
HostId
ObjectSize
OperationKey
Referer
RemoteIp
RequestID
RequestKey
RequestURI
RequestURIPath
Requester
SignatureVersion
TLSVersion
TotalTime
TurnAroundTime
UserAgent
VersionId
action
bytes
bytes_out
category
dest
error_code
eventtype
http_method
http_referrer
http_referrer_domain
http_user_agent
http_user_agent_length
operation
response_time
src
src_ip
status
storage_name
tag
tag::eventtype
url
url_domain
url_length
user
vendor_product

aws:s3:accesslogs

Field Deleted Modified New Is CIM
access_point_arn
acl_required
action
app
authentication_type
bucket_name
bucket_owner
bytes
bytes_out
bytes_sent
category
cipher_suite
dest
duration
error_code
eventtype
file_path
host_header
host_id
http_method
http_referrer
http_referrer_domain
http_status
http_user_agent
http_user_agent_length
key
object_size
operation
referrer
remote_ip
request_id
request_time
request_uri
requester
response_time
signature_version
src
src_ip
status
storage_name
tag
tag::eventtype
tls_version
total_time
turn_around_time
uri
uri_path
uri_protocol
uri_query
url
url_domain
url_length
user
user_agent
vendor_product
version_id

aws:securityhub:finding

Field Deleted Modified New Is CIM
accesskey_extract
account_user
app
body
description
dest
dest_ip
dest_name
dest_type
eventtype
id
instance_extract
managed_instance_extract
recommendation
s3bucket_extract
security_group_extract
severity
severity_id
signature
signature_id
src
src_ip
subject
tag
tag::eventtype
type
user
user_extract
user_name
vendor_account
vendor_region
volume_extract
vpc_extract

aws:transitgateway:flowlogs

Field Deleted Modified New Is CIM
account_id
action
app
bytes
dest
dest_interface
dest_ip
dest_port
dest_zone
direction
dstaddr
dstport
duration
dvc
end
eventtype
flow_direction
log_status
packets
packets_lost_blackhole
packets_lost_mtu_exceeded
packets_lost_no_route
packets_lost_ttl_expired
pkt_dst_aws_service
pkt_src_aws_service
protocol
protocol_code
protocol_full_name
protocol_version
region
resource_type
src
src_interface
src_ip
src_port
src_zone
srcaddr
srcport
start
tag
tag::eventtype
tcp_flag
tcp_flags
tgw_attachment_id
tgw_dst_az_id
tgw_dst_eni
tgw_dst_subnet_id
tgw_dst_vpc_account_id
tgw_dst_vpc_id
tgw_id
tgw_pair_attachment_id
tgw_src_az_id
tgw_src_eni
tgw_src_subnet_id
tgw_src_vpc_account_id
tgw_src_vpc_id
transport
type
vendor_account
vendor_product
version