CIM field change report

Learn about the CIM field changes between the latest version of the Splunk Add-on for Amazon Web Services and version 7.4.1.

Summary of changes

  • Sourcetypes with changes: 6
  • Total deleted fields: 13
  • Total modified fields: 38
  • Total new fields: 108

Details

aws:cloudtrail

Field                      Deleted  Modified  New  Is CIM
action                     no       yes       yes  yes
change_type                no       yes       yes  yes
eventtype                  no       yes       yes  yes
object                     no       yes       yes  yes
object_attrs               no       no        yes  yes
object_category            no       yes       no   yes
object_id                  yes      yes       yes  yes
object_path                no       no        yes  yes
protocol                   no       yes       no   yes
result                     no       no        yes  yes
src_user                   no       no        yes  yes
src_user_id                no       no        yes  yes
src_user_name              no       no        yes  yes
src_user_type              no       no        yes  yes
status                     no       no        yes  yes
tag                        no       yes       yes  yes
tag::eventtype             no       yes       yes  no
user                       no       yes       yes  yes
user_name                  yes      yes       no   yes
user_type                  no       no        yes  yes

aws:cloudwatch:guardduty

Field                      Deleted  Modified  New  Is CIM
action_type                no       no        yes  no
category                   yes      no        yes  yes
dest                       yes      yes       yes  yes
dest_ip                    no       no        yes  yes
dest_name                  yes      no        no   yes
dest_port                  no       yes       yes  yes
dest_type                  yes      yes       yes  yes
eventtype                  no       yes       no   yes
mitre_technique_id         yes      no        no   yes
signature                  no       yes       no   yes
signature_id               no       yes       no   yes
src                        yes      yes       yes  yes
src_ip                     yes      no        no   yes
src_name                   no       no        yes  no
src_port                   yes      yes       no   yes
src_type                   no       yes       yes  yes
tag                        no       yes       no   yes
tag::eventtype             no       yes       no   no
transport                  yes      yes       no   yes
user                       no       no        yes  yes
user_name                  no       no        yes  yes

aws:cloudwatchlogs:guardduty

Field                      Deleted  Modified  New  Is CIM
accountId                  no       no        yes  no
action                     no       no        yes  yes
action_type                no       no        yes  no
category                   no       no        yes  yes
dest                       no       yes       yes  yes
dest_port                  no       no        yes  yes
dest_type                  no       yes       no   yes
dvc                        no       no        yes  yes
eventtype                  no       yes       no   yes
findingType                no       yes       no   no
ids_type                   no       no        yes  yes
instanceId                 no       no        yes  no
mitre_technique_id         yes      no        no   yes
signature                  no       yes       no   yes
src                        no       yes       no   yes
src_port                   no       no        yes  yes
src_type                   no       yes       yes  yes
tag                        no       yes       no   yes
tag::eventtype             no       yes       no   no
transport                  no       no        yes  yes
user_name                  no       no        yes  yes

aws:cloudwatchlogs:vpcflow

Field                      Deleted  Modified  New  Is CIM
protocol                   no       yes       no   yes
region                     yes      yes       no   no
transport                  no       yes       no   yes

aws:elb:accesslogs

Field                      Deleted  Modified  New  Is CIM
ClientSrcIP                no       no        yes  no
ClientSrcPort              no       no        yes  no
RequestTargetIP            no       no        yes  no
RequestTargetPort          no       no        yes  no
dest                       no       no        yes  yes
dest_port                  no       no        yes  yes
src                        no       yes       no   yes
src_ip                     no       yes       no   yes
src_port                   no       yes       no   yes

aws:transitgateway:flowlogs

Field                      Deleted  Modified  New  Is CIM
account_id                 no       no        yes  no
action                     no       no        yes  yes
app                        no       no        yes  yes
bytes                      no       no        yes  yes
dest                       no       no        yes  yes
dest_interface             no       no        yes  yes
dest_ip                    no       no        yes  yes
dest_port                  no       no        yes  yes
dest_zone                  no       no        yes  yes
direction                  no       no        yes  yes
dstaddr                    no       no        yes  no
dstport                    no       no        yes  no
duration                   no       no        yes  yes
dvc                        no       no        yes  yes
end                        no       no        yes  no
eventtype                  no       no        yes  yes
flow_direction             no       no        yes  no
log_status                 no       no        yes  no
packets                    no       no        yes  yes
packets_lost_blackhole     no       no        yes  no
packets_lost_mtu_exceeded  no       no        yes  no
packets_lost_no_route      no       no        yes  no
packets_lost_ttl_expired   no       no        yes  no
pkt_dst_aws_service        no       no        yes  no
pkt_src_aws_service        no       no        yes  no
protocol                   no       no        yes  yes
protocol_code              no       no        yes  no
protocol_full_name         no       no        yes  no
protocol_version           no       no        yes  yes
region                     no       no        yes  no
resource_type              no       no        yes  yes
src                        no       no        yes  yes
src_interface              no       no        yes  yes
src_ip                     no       no        yes  yes
src_port                   no       no        yes  yes
src_zone                   no       no        yes  yes
srcaddr                    no       no        yes  no
srcport                    no       no        yes  no
start                      no       no        yes  no
tag                        no       no        yes  yes
tag::eventtype             no       no        yes  no
tcp_flag                   no       no        yes  yes
tcp_flags                  no       no        yes  no
tgw_attachment_id          no       no        yes  no
tgw_dst_az_id              no       no        yes  no
tgw_dst_eni                no       no        yes  no
tgw_dst_subnet_id          no       no        yes  no
tgw_dst_vpc_account_id     no       no        yes  no
tgw_dst_vpc_id             no       no        yes  no
tgw_id                     no       no        yes  no
tgw_pair_attachment_id     no       no        yes  no
tgw_src_az_id              no       no        yes  no
tgw_src_eni                no       no        yes  no
tgw_src_subnet_id          no       no        yes  no
tgw_src_vpc_account_id     no       no        yes  no
tgw_src_vpc_id             no       no        yes  no
transport                  no       no        yes  yes
type                       no       no        yes  yes
vendor_account             no       no        yes  yes
vendor_product             no       no        yes  yes
version                    no       no        yes  yes