CIM field change report

Learn about the CIM field changes between the latest version of the Splunk Add-on for Amazon Web Services and version 5.0.0.

Summary of changes

  • Sourcetypes with changes: 18
  • Total deleted fields: 18
  • Total modified fields: 57
  • Total new fields: 553

Details

aws:cloudfront:accesslogs

Field Deleted Modified New Is CIM
action no no yes yes
app no no yes yes
bytes no no yes yes
bytes_in no no yes yes
bytes_out no no yes yes
c_port no no yes no
cached no no yes yes
category no no yes yes
cookie no no yes yes
cs_protocol_version no no yes no
dest no no yes yes
duration no no yes yes
eventtype no no yes yes
fle_encrypted_fields no no yes no
fle_status no no yes no
http_content_type no no yes yes
http_method no no yes yes
http_referrer no no yes yes
http_referrer_domain no no yes yes
http_user_agent no no yes yes
http_user_agent_length no no yes yes
response_time no no yes yes
sc_content_len no no yes no
sc_content_type no no yes no
sc_range_end no no yes no
sc_range_start no no yes no
src no no yes yes
src_ip no no yes yes
src_port no no yes yes
status no no yes yes
tag no no yes yes
tag::eventtype no no yes no
time_to_first_byte no no yes no
uri_path no no yes yes
uri_query no no yes yes
url no no yes yes
url_domain no no yes yes
url_length no no yes yes
vendor_product no no yes yes
x_edge_detail_result_type no no yes no

aws:cloudtrail

Field Deleted Modified New Is CIM
action no yes yes yes
app yes yes no yes
authentication_method no no yes yes
change_type no yes yes yes
command no no yes yes
dest yes yes no yes
dest_ip_range no no yes yes
dest_port_range no no yes yes
direction no no yes yes
eventtype yes yes yes yes
image_id no no yes yes
instance_type no no yes yes
object yes yes yes yes
object_attrs no no yes yes
object_category no no yes yes
object_id no no yes yes
object_path no no yes yes
protocol no no yes yes
protocol_code no no yes no
reason no no yes yes
result no no yes yes
result_id no no yes yes
rule_action no no yes yes
signature no no yes yes
src_ip no no yes yes
src_ip_range no no yes yes
src_port_range no no yes yes
src_user yes yes yes yes
src_user_id no no yes yes
src_user_name no no yes yes
src_user_role no no yes yes
src_user_type no no yes yes
status no no yes yes
tag yes yes yes yes
tag::eventtype yes yes yes no
temp_access_key no no yes no
user yes yes yes yes
user_access_key no no yes no
user_agent no no yes yes
user_arn no no yes no
user_id no no yes yes
user_name no no yes yes
user_role no no yes yes
user_type yes yes no yes
vendor_account no no yes yes
vendor_product no no yes yes
vendor_region no no yes yes

aws:cloudwatch

Field Deleted Modified New Is CIM
dest no no yes yes
mem_free no no yes yes
tag no yes no yes
tag::metric_name no yes no no
vendor_product no no yes yes

aws:cloudwatch:guardduty

Field Deleted Modified New Is CIM
AWS__CloudTrail__Trail no no yes no
AWS__IAM__Role no no yes no
AWS__S3__Bucket no no yes no
action no no yes yes
action_type no no yes no
affectedResources no no yes no
app no no yes yes
attacker_domain no no yes no
aws_account_id no no yes no
aws_az no no yes no
aws_count no no yes no
awsresource no no yes no
body no no yes yes
category no no yes yes
ct_user no no yes no
dest no no yes yes
dest_ip no no yes yes
dest_ip_internal no no yes no
dest_name no no yes yes
dest_port no no yes yes
dest_type no no yes yes
dest_zone no no yes yes
detectorId no no yes no
dvc no no yes yes
eventtype no no yes yes
findingId no no yes no
findingType no no yes no
finding_category no no yes no
gd_details no no yes no
gd_object no no yes no
ids_type no no yes yes
instanceId no no yes no
lat no no yes no
lon no no yes no
outbound_attacker_domain no no yes no
raw_gd_type no no yes no
resource_type no no yes yes
severity no yes no yes
severity_id no no yes yes
signature no no yes yes
signature_id no no yes yes
src no no yes yes
src_intrusion no no yes no
src_ip no no yes yes
src_name no no yes no
src_port no no yes yes
src_type no no yes yes
subject no no yes yes
tag no no yes yes
tag::eventtype no no yes no
transport no no yes yes
type no yes no yes
user no no yes yes
userName no no yes no
user_name no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
vendor_region no no yes yes

aws:cloudwatchlogs:guardduty

Field Deleted Modified New Is CIM
accountId no no yes no
action no no yes yes
action_type no no yes no
app no no yes yes
body no no yes yes
category no no yes yes
description no no yes yes
dest no no yes yes
dest_name no no yes yes
dest_port no no yes yes
dest_type no no yes yes
dvc no no yes yes
eventtype no no yes yes
findingType no no yes no
finding_category no no yes no
id no yes no yes
ids_type no no yes yes
instanceId no no yes no
raw_gd_type no no yes no
severity no no yes yes
severity_id no no yes yes
signature no no yes yes
signature_id no no yes yes
src no no yes yes
src_name no no yes no
src_port no no yes yes
src_type no no yes yes
subject no no yes yes
tag no no yes yes
tag::eventtype no no yes no
transport no no yes yes
type no no yes yes
user no no yes yes
user_name no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
vendor_region no no yes yes

aws:cloudwatchlogs:vpcflow

Field Deleted Modified New Is CIM
account_id no yes no no
action no yes no yes
app no no yes yes
aws_account_id no yes no no
az_id no no yes no
bytes no yes no yes
dest no yes no yes
dest_ip no yes no yes
dest_port no yes no yes
duration no no yes yes
dvc no no yes yes
end_time no yes no no
eventtype yes no no yes
flow_direction no no yes no
instance_id no no yes no
interface_id no yes no no
log_status no yes no no
packets no yes no yes
pkt_dst_aws_service no no yes no
pkt_dstaddr no no yes no
pkt_src_aws_service no no yes no
pkt_srcaddr no no yes no
protocol no yes no yes
protocol_code no yes no no
protocol_full_name no yes no no
protocol_version no no yes yes
region yes yes no no
src no yes no yes
src_ip no yes no yes
src_port no yes no yes
start_time no yes no yes
sublocation_id no no yes no
sublocation_type no no yes no
subnet_id no no yes no
tag yes yes no yes
tag::eventtype yes yes no no
tcp_flags no no yes no
traffic_path no no yes no
transport no no yes yes
type no no yes yes
user_id no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
version no yes no yes
vpc_id no no yes no
vpcflow_action no yes no no

aws:config

Field Deleted Modified New Is CIM
object_category no yes no yes
object_id no yes yes yes
object_path no no yes yes
result no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes

aws:config:notification

Field Deleted Modified New Is CIM
object_attrs no no yes yes
object_category no yes no yes
object_id no yes no yes
object_path no no yes yes
result no no yes yes
user no no yes yes
vendor_product no no yes yes

aws:config:rule

Field Deleted Modified New Is CIM
app no no yes yes
body no no yes yes
dest no no yes yes
severity no no yes yes
signature_id no no yes yes
tag yes yes no yes
tag::eventtype yes yes no no
type no no yes yes
vendor_product no no yes yes

aws:description

Field Deleted Modified New Is CIM
cpu_cores no no yes yes
description no no yes yes
dns no no yes yes
enabled no no yes yes
eventtype no yes yes yes
family no no yes yes
identity no no yes no
image_name no no yes no
mem_capacity no no yes no
nt_host no no yes no
snapshot no no yes yes
startDate no no yes no
status no no yes yes
tag no yes no yes
tag::eventtype no yes no no
time no no yes yes
type no no yes yes
user_id no no yes yes
user_name no no yes yes
vendor_account no no yes yes
vendor_region no no yes yes

aws:elb:accesslogs

Field Deleted Modified New Is CIM
ActionExecuted no no yes no
ChosenCertArn no no yes no
ClientPort no no yes no
ClientSrcIP no no yes no
ClientSrcPort no no yes no
DomainName no no yes no
ELB no no yes no
ELBStatusCode no no yes no
ErrorReason no no yes no
MatchedRulePriority no no yes no
ReceivedBytes no no yes no
RedirectUrl no no yes no
Request no no yes no
RequestCreationTime no no yes no
RequestProcessingTime no no yes no
RequestTargetIP no no yes no
RequestTargetPort no no yes no
RequestType no no yes no
ResponseProcessingTime no no yes no
ResponseTime no no yes no
SSLCipher no no yes no
SSLProtocol no no yes no
SentBytes no no yes no
TargetGroupArn no no yes no
TargetPort no no yes no
TargetProcessingTime no no yes no
TargetStatusCode no no yes no
TraceId no no yes no
UserAgent no no yes no
action no no yes yes
app no no yes yes
bytes no no yes yes
bytes_in no no yes yes
bytes_out no no yes yes
category no no yes yes
dest no no yes yes
dest_port no no yes yes
elb_type no no yes no
eventtype no yes no yes
http_method no no yes yes
http_user_agent no no yes yes
http_user_agent_length no no yes yes
response_time no no yes yes
src no no yes yes
src_ip no no yes yes
src_port no no yes yes
status no no yes yes
tag no no yes yes
tag::eventtype no no yes no
url no no yes yes
url_length no no yes yes
vendor_product no no yes yes

aws:inspector

Field Deleted Modified New Is CIM
body no no yes yes
dest no no yes yes
severity_id no no yes yes
tag yes yes no yes
tag::eventtype yes yes no no
vendor_account no no yes yes
vendor_product no no yes yes

aws:inspector:v2:findings

Field Deleted Modified New Is CIM
account_id no no yes no
app no no yes yes
category no no yes yes
cve no no yes yes
cvss no no yes yes
dest no no yes yes
dest_type no no yes yes
dvc no no yes yes
eventtype no no yes yes
id no no yes yes
inspector_dvc no no yes no
region no no yes no
severity no yes no yes
severity_id no no yes yes
signature no no yes yes
signature_id no no yes yes
tag no no yes yes
tag::eventtype no no yes no
type no yes no yes
url no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
vendor_region no no yes yes

aws:metadata

Field Deleted Modified New Is CIM
AccountId no yes yes no
Region no yes yes no
account_id no yes yes no
availability_zone no no yes no
aws_account_id no no yes no
cpu_cores no no yes yes
custom_tag no no yes no
dns no no yes yes
enabled no no yes yes
eventtype no no yes yes
hypervisor_name no no yes no
identity no no yes no
image_id no no yes yes
ip no no yes yes
mem_capacity no no yes no
nt_host no no yes no
power_state no no yes no
region yes yes yes no
snapshot no no yes yes
startDate no no yes no
status no no yes yes
storage_capacity no no yes no
subnet_id no no yes no
tag no no yes yes
tag::eventtype no no yes no
time no no yes yes
user_id no no yes yes
user_name no no yes yes
vendor no no yes no
vendor_account no no yes yes
vendor_product no no yes yes
vendor_region no no yes yes
virtual_network_id no no yes no
virtual_subnet_id no no yes no
vm_id no no yes no
vm_os no no yes no
vm_size no no yes no
vpc_id no no yes no

aws:s3

Field Deleted Modified New Is CIM
AuthType no no yes no
BucketCreationTime no no yes no
BucketName no no yes no
BucketOwner no no yes no
BytesSent no no yes no
CipherSuite no no yes no
ErrorCode no no yes no
HTTPMethod no no yes no
HTTPStatus no no yes no
HostHeader no no yes no
HostId no no yes no
ObjectSize no no yes no
OperationKey no no yes no
Referer no no yes no
RemoteIp no no yes no
RequestID no no yes no
RequestKey no no yes no
RequestURI no no yes no
RequestURIPath no no yes no
Requester no no yes no
SignatureVersion no no yes no
TLSVersion no no yes no
TotalTime no no yes no
TurnAroundTime no no yes no
UserAgent no no yes no
VersionId no no yes no
action no no yes yes
bytes no no yes yes
bytes_out no no yes yes
category no no yes yes
dest no no yes yes
error_code no no yes yes
eventtype no no yes yes
http_method no no yes yes
http_referrer no no yes yes
http_referrer_domain no no yes yes
http_user_agent no no yes yes
http_user_agent_length no no yes yes
operation no no yes yes
response_time no no yes yes
src no no yes yes
src_ip no no yes yes
status no no yes yes
storage_name no no yes yes
tag no no yes yes
tag::eventtype no no yes no
url no no yes yes
url_domain no no yes yes
url_length no no yes yes
user no no yes yes
vendor_product no no yes yes

aws:s3:accesslogs

Field Deleted Modified New Is CIM
access_point_arn no no yes no
acl_required no no yes no
action no no yes yes
app no no yes yes
authentication_type no no yes no
bucket_name no no yes no
bucket_owner no no yes no
bytes no no yes yes
bytes_out no no yes yes
bytes_sent no no yes no
category no no yes yes
cipher_suite no no yes no
dest no no yes yes
duration no no yes yes
error_code no no yes yes
eventtype no no yes yes
file_path no no yes yes
host_header no no yes no
host_id no no yes no
http_method no no yes yes
http_referrer no no yes yes
http_referrer_domain no no yes yes
http_status no no yes no
http_user_agent no no yes yes
http_user_agent_length no no yes yes
key no no yes no
object_size no no yes yes
operation no no yes yes
referrer no no yes no
remote_ip no no yes no
request_id no no yes no
request_time no no yes no
request_uri no no yes no
requester no no yes no
response_time no no yes yes
signature_version no no yes yes
src no no yes yes
src_ip no no yes yes
status no no yes yes
storage_name no no yes yes
tag no no yes yes
tag::eventtype no no yes no
tls_version no no yes no
total_time no no yes no
turn_around_time no no yes no
uri no no yes yes
uri_path no no yes yes
uri_protocol no no yes no
uri_query no no yes yes
url no no yes yes
url_domain no no yes yes
url_length no no yes yes
user no no yes yes
user_agent no no yes yes
vendor_product no no yes yes
version_id no no yes no

aws:securityhub:finding

Field Deleted Modified New Is CIM
accesskey_extract no no yes no
account_user no no yes no
app no no yes yes
body no no yes yes
description no no yes yes
dest no no yes yes
dest_ip no no yes yes
dest_name no no yes yes
dest_type no no yes yes
eventtype no no yes yes
id no no yes yes
instance_extract no no yes no
managed_instance_extract no no yes no
recommendation no no yes no
s3bucket_extract no no yes no
security_group_extract no no yes no
severity no no yes yes
severity_id no no yes yes
signature no no yes yes
signature_id no no yes yes
src no no yes yes
src_ip no no yes yes
subject no no yes yes
tag no no yes yes
tag::eventtype no no yes no
type no no yes yes
user no no yes yes
user_extract no no yes no
user_name no no yes yes
vendor_account no no yes yes
vendor_region no no yes yes
volume_extract no no yes no
vpc_extract no no yes no

aws:transitgateway:flowlogs

Field Deleted Modified New Is CIM
account_id no no yes no
action no no yes yes
app no no yes yes
bytes no no yes yes
dest no no yes yes
dest_interface no no yes yes
dest_ip no no yes yes
dest_port no no yes yes
dest_zone no no yes yes
direction no no yes yes
dstaddr no no yes no
dstport no no yes no
duration no no yes yes
dvc no no yes yes
end no no yes no
eventtype no no yes yes
flow_direction no no yes no
log_status no no yes no
packets no no yes yes
packets_lost_blackhole no no yes no
packets_lost_mtu_exceeded no no yes no
packets_lost_no_route no no yes no
packets_lost_ttl_expired no no yes no
pkt_dst_aws_service no no yes no
pkt_src_aws_service no no yes no
protocol no no yes yes
protocol_code no no yes no
protocol_full_name no no yes no
protocol_version no no yes yes
region no no yes no
resource_type no no yes yes
src no no yes yes
src_interface no no yes yes
src_ip no no yes yes
src_port no no yes yes
src_zone no no yes yes
srcaddr no no yes no
srcport no no yes no
start no no yes no
tag no no yes yes
tag::eventtype no no yes no
tcp_flag no no yes yes
tcp_flags no no yes no
tgw_attachment_id no no yes no
tgw_dst_az_id no no yes no
tgw_dst_eni no no yes no
tgw_dst_subnet_id no no yes no
tgw_dst_vpc_account_id no no yes no
tgw_dst_vpc_id no no yes no
tgw_id no no yes no
tgw_pair_attachment_id no no yes no
tgw_src_az_id no no yes no
tgw_src_eni no no yes no
tgw_src_subnet_id no no yes no
tgw_src_vpc_account_id no no yes no
tgw_src_vpc_id no no yes no
transport no no yes yes
type no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
version no no yes yes