Skip to content

CIM field change report

Learn about the CIM field changes between the latest version of the Splunk Add-on for Amazon Web Services and version 6.2.0.

Summary of changes

  • Sourcetypes with changes: 8
  • Total deleted fields: 13
  • Total modified fields: 61
  • Total new fields: 165

Details

aws:cloudtrail

Field Deleted Modified New Is CIM
action no yes yes yes
change_type no yes yes yes
eventtype no yes yes yes
object no yes yes yes
object_attrs no no yes yes
object_category no yes no yes
object_id yes yes yes yes
object_path no no yes yes
protocol no yes no yes
result no no yes yes
src_user no no yes yes
src_user_id no no yes yes
src_user_name no no yes yes
src_user_type no no yes yes
status no no yes yes
tag no yes yes yes
tag::eventtype no yes yes no
user no yes yes yes
user_name yes yes no yes
user_type no no yes yes

aws:cloudwatch:guardduty

Field Deleted Modified New Is CIM
action_type no no yes no
category yes no yes yes
dest yes yes yes yes
dest_ip no yes yes yes
dest_name yes no no yes
dest_port no yes yes yes
dest_type yes yes yes yes
eventtype no yes no yes
mitre_technique_id yes no no yes
signature no yes no yes
signature_id no yes no yes
src yes yes yes yes
src_ip yes no no yes
src_name no no yes no
src_port yes yes no yes
src_type no yes yes yes
tag no yes no yes
tag::eventtype no yes no no
transport yes yes no yes
user no no yes yes
user_name no no yes yes

aws:cloudwatchlogs:guardduty

Field Deleted Modified New Is CIM
accountId no no yes no
action no no yes yes
action_type no no yes no
category no no yes yes
dest no yes yes yes
dest_port no no yes yes
dest_type no yes no yes
dvc no no yes yes
eventtype no yes no yes
findingType no yes no no
ids_type no no yes yes
instanceId no no yes no
mitre_technique_id yes no no yes
signature no yes no yes
src no yes no yes
src_port no no yes yes
src_type no yes yes yes
tag no yes no yes
tag::eventtype no yes no no
transport no no yes yes
user_name no no yes yes

aws:cloudwatchlogs:vpcflow

Field Deleted Modified New Is CIM
account_id no yes no no
action no yes no yes
aws_account_id no yes no no
az_id no no yes no
bytes no yes no yes
dest_port no yes no yes
duration no no yes yes
dvc no yes no yes
end_time no yes no no
eventtype no no yes yes
flow_direction no no yes no
instance_id no no yes no
interface_id no yes no no
log_status no yes no no
packets no yes no yes
pkt_dst_aws_service no no yes no
pkt_dstaddr no no yes no
pkt_src_aws_service no no yes no
pkt_srcaddr no no yes no
protocol no yes no yes
protocol_code no yes no no
protocol_full_name no yes no no
region yes yes no no
src no yes no yes
src_ip no yes no yes
src_port no yes no yes
start_time no yes no yes
sublocation_id no no yes no
sublocation_type no no yes no
subnet_id no no yes no
tag no no yes yes
tag::eventtype no no yes no
tcp_flags no no yes no
traffic_path no no yes no
transport no yes no yes
type no no yes yes
user_id no yes no yes
vendor_account no yes no yes
version no yes no yes
vpc_id no no yes no
vpcflow_action no yes no no

aws:elb:accesslogs

Field Deleted Modified New Is CIM
ClientSrcIP no no yes no
ClientSrcPort no no yes no
RequestTargetIP no no yes no
RequestTargetPort no no yes no
dest no no yes yes
dest_port no no yes yes
elb_type no no yes no
src no yes no yes
src_ip no yes no yes
src_port no yes no yes

aws:s3:accesslogs

Field Deleted Modified New Is CIM
access_point_arn no no yes no
acl_required no no yes no
action no no yes yes
app no no yes yes
authentication_type no no yes no
bucket_name no no yes no
bucket_owner no no yes no
bytes_sent no no yes no
cipher_suite no no yes no
dest no no yes yes
duration no no yes yes
file_path no no yes yes
host_header no no yes no
host_id no no yes no
http_status no no yes no
key no no yes no
object_size no no yes yes
operation no no yes yes
referrer no no yes no
remote_ip no no yes no
request_id no no yes no
request_time no no yes no
request_uri no no yes no
requester no no yes no
signature_version no no yes yes
src no no yes yes
src_ip no no yes yes
status no no yes yes
storage_name no no yes yes
tls_version no no yes no
total_time no no yes no
turn_around_time no no yes no
url no no yes yes
url_domain no no yes yes
url_length no no yes yes
user_agent no no yes yes
version_id no no yes no

aws:securityhub:finding

Field Deleted Modified New Is CIM
app no yes no yes
user no yes no yes
user_name no no yes yes

aws:transitgateway:flowlogs

Field Deleted Modified New Is CIM
account_id no no yes no
action no no yes yes
app no no yes yes
bytes no no yes yes
dest no no yes yes
dest_interface no no yes yes
dest_ip no no yes yes
dest_port no no yes yes
dest_zone no no yes yes
direction no no yes yes
dstaddr no no yes no
dstport no no yes no
duration no no yes yes
dvc no no yes yes
end no no yes no
eventtype no no yes yes
flow_direction no no yes no
log_status no no yes no
packets no no yes yes
packets_lost_blackhole no no yes no
packets_lost_mtu_exceeded no no yes no
packets_lost_no_route no no yes no
packets_lost_ttl_expired no no yes no
pkt_dst_aws_service no no yes no
pkt_src_aws_service no no yes no
protocol no no yes yes
protocol_code no no yes no
protocol_full_name no no yes no
protocol_version no no yes yes
region no no yes no
resource_type no no yes yes
src no no yes yes
src_interface no no yes yes
src_ip no no yes yes
src_port no no yes yes
src_zone no no yes yes
srcaddr no no yes no
srcport no no yes no
start no no yes no
tag no no yes yes
tag::eventtype no no yes no
tcp_flag no no yes yes
tcp_flags no no yes no
tgw_attachment_id no no yes no
tgw_dst_az_id no no yes no
tgw_dst_eni no no yes no
tgw_dst_subnet_id no no yes no
tgw_dst_vpc_account_id no no yes no
tgw_dst_vpc_id no no yes no
tgw_id no no yes no
tgw_pair_attachment_id no no yes no
tgw_src_az_id no no yes no
tgw_src_eni no no yes no
tgw_src_subnet_id no no yes no
tgw_src_vpc_account_id no no yes no
tgw_src_vpc_id no no yes no
transport no no yes yes
type no no yes yes
vendor_account no no yes yes
vendor_product no no yes yes
version no no yes yes