CIM compatibility of AWS Cloudtrail Logs¶
The table below describes the CIM data models mapped to respective AWS CloudTrail eventNames as of version 7.9.0 of the Splunk Add-on for Amazon Web Services.
| AWS CloudTrail eventName | CIM data model mapped |
|---|---|
ConsoleLogin |
Authentication |
AttachRolePolicy,AttachVolume,BatchGetImage,CreateAuthorizer,CreateChangeSet,CreateClientVpnEndpoint,CreateConnection,CreateDBClusterSnapshot,CreateDataChannel,CreateDeliveryStream,CreateFunction20150331,CreateKeyspace,CreateLoadBalancer,CreateLoadBalancerListeners,CreateLoadBalancerPolicy,CreateLogGroup,CreateLogStream,CreateNamespace,CreatePolicy,CreateQueue,CreateServiceLinkedRole,CreateSnapshot,CreateTable,CreateVpc,CreateWorkgroup,Decrypt,DeleteDBSubnetGroup,DeleteVpcEndpoints,DescribeAccessPoints,DescribeAccountSubscription,DescribeAddresses,DescribeBackupPolicy,DescribeCluster,DescribeConfigurationSettings,DescribeContinuousBackups,DescribeCustomerGateways,DescribeDBClusterSnapshotAttributes,DescribeDBClusterSnapshots,DescribeDBClusters,DescribeDBEngineVersions,DescribeDBInstances,DescribeDBSecurityGroups,DescribeDBSnapshotAttributes,DescribeDBSnapshots,DescribeDBSubnetGroups,DescribeDRTAccess,DescribeDeliveryStream,DescribeDirectories,DescribeEndpoint,DescribeFileSystemPolicy,DescribeFileSystems,DescribeFleets,DescribeHosts,DescribeHub,DescribeImages,DescribeInstances,DescribeInternetGateways,DescribeJobs,DescribeKeyPairs,DescribeListeners,DescribeLoadBalancers,DescribeNetworkAcls,DescribeNetworkInterfaces,DescribeSecret,GetBucketEncryption,GetDomainPermissionsPolicy,GetSecretValue,GetSecurityConfigurations,ListAliases,ListOrganizationAdminAccounts,ListRoles,PutBucketAcl |
All_Changes |
AddMemberToGroup,AdminCreateUser,AdminGetUser,AdminResetUserPassword,CreateAccessKey,CreateLoginProfile,CreateUser,CreateVirtualMFADevice,DeleteAccessKey,DeleteLoginProfile,DeleteUser,DeleteUserPolicy,GetAccountSummary,GetUser,ListAccessKeys,ListAccountAliases,ListSigningCertificates,PutUserPolicy,UpdateUser |
Account_Management |
AuthorizeSecurityGroupEgress,AuthorizeSecurityGroupIngress,CreateNetworkAcl,CreateNetworkAclEntry,CreateNetworkInterface,CreateSecurityGroup,DeleteNetworkAcl,DeleteNetworkAclEntry,DeleteNetworkInterface,DeleteSecurityGroup,ReplaceNetworkAclAssociation,ReplaceNetworkAclEntry,RevokeSecurityGroupEgress,RevokeSecurityGroupIngress |
Network_Changes |
CreateBucket,CreateVolume,DeleteBucket,DeleteVolume,DetachVolume,PutBucketPublicAccessBlock,PutObject |
Endpoint_Changes |
RebootInstances,RunInstances,StartInstances,StopInstances,TerminateInstances |
Instance_Changes |