CIM compatibility of AWS CloudTrail logs¶
The following table describes the CIM data models mapped to respective AWS CloudTrail eventNames as of version 7.10.0 of the Splunk Add-on for Amazon Web Services.
| AWS CloudTrail eventName | CIM data model mapped |
|---|---|
ConsoleLogin |
Authentication |
AttachRolePolicy,AttachVolume,BatchGetImage,CreateAuthorizer,CreateChangeSet,CreateClientVpnEndpoint,CreateConnection,CreateDBClusterSnapshot,CreateDataChannel,CreateDeliveryStream,CreateFunction20150331,CreateKeyspace,CreateLoadBalancer,CreateLoadBalancerListeners,CreateLoadBalancerPolicy,CreateLogGroup,CreateLogStream,CreateNamespace,CreatePolicy,CreateQueue,CreateServiceLinkedRole,CreateSnapshot,CreateTable,CreateVpc,CreateWorkgroup,Decrypt,DeleteDBSubnetGroup,DeleteVpcEndpoints,DescribeAccessPoints,DescribeAccountSubscription,DescribeAddresses,DescribeBackupPolicy,DescribeCluster,DescribeConfigurationSettings,DescribeContinuousBackups,DescribeCustomerGateways,DescribeDBClusterSnapshotAttributes,DescribeDBClusterSnapshots,DescribeDBClusters,DescribeDBEngineVersions,DescribeDBInstances,DescribeDBSecurityGroups,DescribeDBSnapshotAttributes,DescribeDBSnapshots,DescribeDBSubnetGroups,DescribeDRTAccess,DescribeDeliveryStream,DescribeDirectories,DescribeEndpoint,DescribeFileSystemPolicy,DescribeFileSystems,DescribeFleets,DescribeHosts,DescribeHub,DescribeImages,DescribeInstances,DescribeInternetGateways,DescribeJobs,DescribeKeyPairs,DescribeListeners,DescribeLoadBalancers,DescribeLogStreams,DescribeLoggingConfiguration,DescribeNatGateways,DescribeNetworkAcls,DescribeNetworkInterfaces,DescribeNotebookInstance,DescribeOrganizationConfiguration,DescribeRepositories,DescribeReservedDBInstances,DescribeReservedInstances,DescribeReservedInstancesListings,DescribeRouteTables,DescribeRules,DescribeSecret,DescribeSecurityGroupRules,DescribeSecurityGroups,DescribeSnapshots,DescribeStacks,DescribeStream,DescribeSubnets,DescribeTable,DescribeTargetGroups,DescribeUserProfiles,DescribeVolumes,DescribeVpcEndpointServicePermissions,DescribeVpcEndpoints,DescribeVpcs,DescribeVpnConnections,DescribeWorkspaceDirectories,DescribeWorkspaces,DetachInternetGateway,DriverExecute,EnableControl,Error_GET,GenerateCredentialReport,GetAccessPointPolicy,GetAccountPasswordPolicy,GetAccountPublicAccessBlock,GetAdminScope,GetAlternateContact,GetBucketEncryption,GetContactInformation,GetDomainPermissionsPolicy,GetSecretValue,GetSecurityConfigurations,ListAliases,ListOrganizationAdminAccounts,ListRoles,PutBucketAcl |
All_Changes |
AddMemberToGroup,AdminCreateUser,AdminGetUser,AdminResetUserPassword,CreateAccessKey,CreateLoginProfile,CreateUser,CreateVirtualMFADevice,DeleteAccessKey,DeleteLoginProfile,DeleteUser,DeleteUserPolicy,GetAccountSummary,GetUser,ListAccessKeys,ListAccountAliases,ListSigningCertificates,PutUserPolicy,UpdateUser |
Account_Management |
AuthorizeSecurityGroupEgress,AuthorizeSecurityGroupIngress,CreateNetworkAcl,CreateNetworkAclEntry,CreateNetworkInterface,CreateSecurityGroup,DeleteNetworkAcl,DeleteNetworkAclEntry,DeleteNetworkInterface,DeleteSecurityGroup,ReplaceNetworkAclAssociation,ReplaceNetworkAclEntry,RevokeSecurityGroupEgress,RevokeSecurityGroupIngress |
Network_Changes |
CreateBucket,CreateVolume,DeleteBucket,DeleteVolume,DetachVolume,PutBucketPublicAccessBlock,PutObject |
Endpoint_Changes |
RebootInstances,RunInstances,StartInstances,StopInstances,TerminateInstances |
Instance_Changes |