CIM field change report

Learn about the CIM field changes between the latest version of the Splunk Add-on for Amazon Web Services and version 5.4.0.

Summary of changes

  • Sourcetypes with changes: 9
  • Total deleted fields: 13
  • Total modified fields: 63
  • Total new fields: 186

Details

aws:cloudtrail

Field Deleted Modified New Is CIM
action no yes yes yes
change_type no yes yes yes
eventtype no yes yes yes
object no yes yes yes
object_attrs no no yes yes
object_category no yes no yes
object_id yes yes yes yes
object_path no no yes yes
protocol no yes no yes
result no no yes yes
src_user no no yes yes
src_user_id no no yes yes
src_user_name no no yes yes
src_user_type no no yes yes
status no no yes yes
tag no yes yes yes
tag::eventtype no yes yes no
user no yes yes yes
user_name yes yes no yes
user_type no no yes yes

aws:cloudwatch:guardduty

Field Deleted Modified New Is CIM
action_type no no yes no
category yes no yes yes
dest yes yes yes yes
dest_ip no yes yes yes
dest_name yes no no yes
dest_port no yes yes yes
dest_type yes yes yes yes
eventtype no yes no yes
mitre_technique_id yes no no yes
signature no yes no yes
signature_id no yes no yes
src yes yes yes yes
src_ip yes no no yes
src_name no no yes no
src_port yes yes no yes
src_type no yes yes yes
tag no yes no yes
tag::eventtype no yes no no
transport yes yes no yes
user no no yes yes
user_name no no yes yes

aws:cloudwatchlogs:guardduty

Field Deleted Modified New Is CIM
accountId no no yes no
action no no yes yes
action_type no no yes no
category no no yes yes
dest no yes yes yes
dest_port no no yes yes
dest_type no yes no yes
dvc no no yes yes
eventtype no yes no yes
findingType no yes no no
ids_type no no yes yes
instanceId no no yes no
mitre_technique_id yes no no yes
signature no yes no yes
src no yes no yes
src_port no no yes yes
src_type no yes yes yes
tag no yes no yes
tag::eventtype no yes no no
transport no no yes yes
user_name no no yes yes

aws:cloudwatchlogs:vpcflow

Field Deleted Modified New Is CIM
account_id no yes no no
action no yes no yes
aws_account_id no yes no no
az_id no no yes no
bytes no yes no yes
dest_port no yes no yes
duration no no yes yes
dvc no yes no yes
end_time no yes no no
eventtype no no yes yes
flow_direction no no yes no
instance_id no no yes no
interface_id no yes no no
log_status no yes no no
packets no yes no yes
pkt_dst_aws_service no no yes no
pkt_dstaddr no no yes no
pkt_src_aws_service no no yes no
pkt_srcaddr no no yes no
protocol no yes no yes
protocol_code no yes no no
protocol_full_name no yes no no
region yes yes no no
src no yes no yes
src_ip no yes no yes
src_port no yes no yes
start_time no yes no yes
sublocation_id no no yes no
sublocation_type no no yes no
subnet_id no no yes no
tag no no yes yes
tag::eventtype no no yes no
tcp_flags no no yes no
traffic_path no no yes no
transport no yes no yes
type no no yes yes
user_id no yes no yes
vendor_account no yes no yes
version no yes no yes
vpc_id no no yes no
vpcflow_action no yes no no

aws:elb:accesslogs

Field Deleted Modified New Is CIM
ClientSrcIP no no yes no
ClientSrcPort no no yes no
RequestTargetIP no no yes no
RequestTargetPort no no yes no
dest no no yes yes
dest_port no no yes yes
elb_type no no yes no
src no yes no yes
src_ip no yes no yes
src_port no yes no yes

aws:inspector:v2:findings

Field Deleted Modified New Is CIM
account_id no no yes no
app no no yes yes
category no no yes yes
cve no no yes yes
cvss no no yes yes
dest no no yes yes
dest_type no no yes yes
dvc no no yes yes
eventtype no no yes yes
id no no yes yes
inspector_dvc no no yes no
region no no yes no
severity no yes no yes
severity_id no no yes yes
signature no no yes yes
signature_id no no yes yes
tag no no yes yes
tag::eventtype no no yes no
type no yes no yes
url no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
vendor_region no no yes yes

aws:s3:accesslogs

Field Deleted Modified New Is CIM
access_point_arn no no yes no
acl_required no no yes no
action no no yes yes
app no no yes yes
authentication_type no no yes no
bucket_name no no yes no
bucket_owner no no yes no
bytes_sent no no yes no
cipher_suite no no yes no
dest no no yes yes
duration no no yes yes
file_path no no yes yes
host_header no no yes no
host_id no no yes no
http_status no no yes no
key no no yes no
object_size no no yes yes
operation no no yes yes
referrer no no yes no
remote_ip no no yes no
request_id no no yes no
request_time no no yes no
request_uri no no yes no
requester no no yes no
signature_version no no yes yes
src no no yes yes
src_ip no no yes yes
status no no yes yes
storage_name no no yes yes
tls_version no no yes no
total_time no no yes no
turn_around_time no no yes no
url no no yes yes
url_domain no no yes yes
url_length no no yes yes
user_agent no no yes yes
version_id no no yes no

aws:securityhub:finding

Field Deleted Modified New Is CIM
app no yes no yes
user no yes no yes
user_name no no yes yes

aws:transitgateway:flowlogs

Field Deleted Modified New Is CIM
account_id no no yes no
action no no yes yes
app no no yes yes
bytes no no yes yes
dest no no yes yes
dest_interface no no yes yes
dest_ip no no yes yes
dest_port no no yes yes
dest_zone no no yes yes
direction no no yes yes
dstaddr no no yes no
dstport no no yes no
duration no no yes yes
dvc no no yes yes
end no no yes no
eventtype no no yes yes
flow_direction no no yes no
log_status no no yes no
packets no no yes yes
packets_lost_blackhole no no yes no
packets_lost_mtu_exceeded no no yes no
packets_lost_no_route no no yes no
packets_lost_ttl_expired no no yes no
pkt_dst_aws_service no no yes no
pkt_src_aws_service no no yes no
protocol no no yes yes
protocol_code no no yes no
protocol_full_name no no yes no
protocol_version no no yes yes
region no no yes no
resource_type no no yes yes
src no no yes yes
src_interface no no yes yes
src_ip no no yes yes
src_port no no yes yes
src_zone no no yes yes
srcaddr no no yes no
srcport no no yes no
start no no yes no
tag no no yes yes
tag::eventtype no no yes no
tcp_flag no no yes yes
tcp_flags no no yes no
tgw_attachment_id no no yes no
tgw_dst_az_id no no yes no
tgw_dst_eni no no yes no
tgw_dst_subnet_id no no yes no
tgw_dst_vpc_account_id no no yes no
tgw_dst_vpc_id no no yes no
tgw_id no no yes no
tgw_pair_attachment_id no no yes no
tgw_src_az_id no no yes no
tgw_src_eni no no yes no
tgw_src_subnet_id no no yes no
tgw_src_vpc_account_id no no yes no
tgw_src_vpc_id no no yes no
transport no no yes yes
type no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
version no no yes yes