Field changes report

Latest versus Splunk_TA_aws 7.4.1

Summary

• Sourcetypes with changes: 6
• Total deleted fields: 13
• Total modified fields: 38
• Total new fields: 108

Detailed changes

aws:cloudtrail

Field	Deleted	Modified	New	Is CIM
action	❌	✅	✅	✅
change_type	❌	✅	✅	✅
eventtype	❌	✅	✅	✅
object	❌	✅	✅	✅
object_attrs	❌	❌	✅	✅
object_category	❌	✅	❌	✅
object_id	✅	✅	✅	✅
object_path	❌	❌	✅	✅
protocol	❌	✅	❌	✅
result	❌	❌	✅	✅
src_user	❌	❌	✅	✅
src_user_id	❌	❌	✅	✅
src_user_name	❌	❌	✅	✅
src_user_type	❌	❌	✅	✅
status	❌	❌	✅	✅
tag	❌	✅	✅	✅
tag::eventtype	❌	✅	✅	❌
user	❌	✅	✅	✅
user_name	✅	✅	❌	✅
user_type	❌	❌	✅	✅

aws:cloudwatch:guardduty

Field	Deleted	Modified	New	Is CIM
action_type	❌	❌	✅	❌
category	✅	❌	✅	✅
dest	✅	✅	✅	✅
dest_ip	❌	❌	✅	✅
dest_name	✅	❌	❌	✅
dest_port	❌	✅	✅	✅
dest_type	✅	✅	✅	✅
eventtype	❌	✅	❌	✅
mitre_technique_id	✅	❌	❌	✅
signature	❌	✅	❌	✅
signature_id	❌	✅	❌	✅
src	✅	✅	✅	✅
src_ip	✅	❌	❌	✅
src_name	❌	❌	✅	❌
src_port	✅	✅	❌	✅
src_type	❌	✅	✅	✅
tag	❌	✅	❌	✅
tag::eventtype	❌	✅	❌	❌
transport	✅	✅	❌	✅
user	❌	❌	✅	✅
user_name	❌	❌	✅	✅

aws:cloudwatchlogs:guardduty

Field	Deleted	Modified	New	Is CIM
accountId	❌	❌	✅	❌
action	❌	❌	✅	✅
action_type	❌	❌	✅	❌
category	❌	❌	✅	✅
dest	❌	✅	✅	✅
dest_port	❌	❌	✅	✅
dest_type	❌	✅	❌	✅
dvc	❌	❌	✅	✅
eventtype	❌	✅	❌	✅
findingType	❌	✅	❌	❌
ids_type	❌	❌	✅	✅
instanceId	❌	❌	✅	❌
mitre_technique_id	✅	❌	❌	✅
signature	❌	✅	❌	✅
src	❌	✅	❌	✅
src_port	❌	❌	✅	✅
src_type	❌	✅	✅	✅
tag	❌	✅	❌	✅
tag::eventtype	❌	✅	❌	❌
transport	❌	❌	✅	✅
user_name	❌	❌	✅	✅

aws:cloudwatchlogs:vpcflow

Field	Deleted	Modified	New	Is CIM
protocol	❌	✅	❌	✅
region	✅	✅	❌	❌
transport	❌	✅	❌	✅

aws:elb:accesslogs

Field	Deleted	Modified	New	Is CIM
ClientSrcIP	❌	❌	✅	❌
ClientSrcPort	❌	❌	✅	❌
RequestTargetIP	❌	❌	✅	❌
RequestTargetPort	❌	❌	✅	❌
dest	❌	❌	✅	✅
dest_port	❌	❌	✅	✅
src	❌	✅	❌	✅
src_ip	❌	✅	❌	✅
src_port	❌	✅	❌	✅

aws:transitgateway:flowlogs

Field	Deleted	Modified	New	Is CIM
account_id	❌	❌	✅	❌
action	❌	❌	✅	✅
app	❌	❌	✅	✅
bytes	❌	❌	✅	✅
dest	❌	❌	✅	✅
dest_interface	❌	❌	✅	✅
dest_ip	❌	❌	✅	✅
dest_port	❌	❌	✅	✅
dest_zone	❌	❌	✅	✅
direction	❌	❌	✅	✅
dstaddr	❌	❌	✅	❌
dstport	❌	❌	✅	❌
duration	❌	❌	✅	✅
dvc	❌	❌	✅	✅
end	❌	❌	✅	❌
eventtype	❌	❌	✅	✅
flow_direction	❌	❌	✅	❌
log_status	❌	❌	✅	❌
packets	❌	❌	✅	✅
packets_lost_blackhole	❌	❌	✅	❌
packets_lost_mtu_exceeded	❌	❌	✅	❌
packets_lost_no_route	❌	❌	✅	❌
packets_lost_ttl_expired	❌	❌	✅	❌
pkt_dst_aws_service	❌	❌	✅	❌
pkt_src_aws_service	❌	❌	✅	❌
protocol	❌	❌	✅	✅
protocol_code	❌	❌	✅	❌
protocol_full_name	❌	❌	✅	❌
protocol_version	❌	❌	✅	✅
region	❌	❌	✅	❌
resource_type	❌	❌	✅	✅
src	❌	❌	✅	✅
src_interface	❌	❌	✅	✅
src_ip	❌	❌	✅	✅
src_port	❌	❌	✅	✅
src_zone	❌	❌	✅	✅
srcaddr	❌	❌	✅	❌
srcport	❌	❌	✅	❌
start	❌	❌	✅	❌
tag	❌	❌	✅	✅
tag::eventtype	❌	❌	✅	❌
tcp_flag	❌	❌	✅	✅
tcp_flags	❌	❌	✅	❌
tgw_attachment_id	❌	❌	✅	❌
tgw_dst_az_id	❌	❌	✅	❌
tgw_dst_eni	❌	❌	✅	❌
tgw_dst_subnet_id	❌	❌	✅	❌
tgw_dst_vpc_account_id	❌	❌	✅	❌
tgw_dst_vpc_id	❌	❌	✅	❌
tgw_id	❌	❌	✅	❌
tgw_pair_attachment_id	❌	❌	✅	❌
tgw_src_az_id	❌	❌	✅	❌
tgw_src_eni	❌	❌	✅	❌
tgw_src_subnet_id	❌	❌	✅	❌
tgw_src_vpc_account_id	❌	❌	✅	❌
tgw_src_vpc_id	❌	❌	✅	❌
transport	❌	❌	✅	✅
type	❌	❌	✅	✅
vendor_account	❌	❌	✅	✅
vendor_product	❌	❌	✅	✅
version	❌	❌	✅	✅