Skip to content

Commit

Permalink
[AWS] Fix aws.cloudtrail.request_id parsing (#33143) (#33226)
Browse files Browse the repository at this point in the history 
(cherry picked from commit 2eb8bb8)

Co-authored-by: Şamil Taner Cengiz <53875110+turuncuofke@users.noreply.github.com>
Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co>
  • Loading branch information
@mergify @turuncuofke @kaiyan-sheng
3 people authored Oct 3, 2022
1 parent dfd798c commit a6c07c5
Show file tree
Hide file tree
Showing 29 changed files with 35 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ https://github.com/elastic/beats/compare/v8.2.0\...main[Check the HEAD diff]
- Import dashboards from CEF integration. {pull}32766[32766]
- Fix how to handle IPv6 addresses in the fileset `nginx/ingress_controller` for Filebeat. {pull}32989[32989]
- Fix handling of Cisco 302020 messages in ASA and FTD modules. {pull}33089[33089]
- Fix requestID parsing in AWS cloudtrail fileset. {pull}33143[33143]

*Auditbeat*

Expand Down
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ processors:
}
ignore_failure: true
- rename:
field: "json.requestId"
field: "json.requestID"
target_field: "aws.cloudtrail.request_id"
ignore_failure: true
- rename:
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
"aws.cloudtrail.flattened.response_elements.credentials.expiration": "Oct 2, 2019 11:12:29 PM",
"aws.cloudtrail.flattened.response_elements.credentials.sessionToken": "AgoJb3JpZ2luX2VjEB4aCXVzLXdlc3QtMSJHMEXAMPLETOKEN+//rJb8Lo30mFc5MlhFCEbubZvEj0wHB/mDMwIgSEe9gk/Zjr09tZV7F1HDTMhmEXAMPLETOKEN/iEJ/rkqngII9///////////ARABGgw0MjgzMDc4NjM5NjYiDLZjZFKwP4qxQG5sFCryASO4UPz5qE97wPPH1eLMvs7CgSDBSWfonmRTCfokm2FN1+hWUdQQH6adjbbrVLFL8c3jSsBhQ383AvxpwK5YRuDE1AI/+C+WKFZb701eiv9J5La2EXAMPLETOKEN/c7S5Iro1WUJ0q3Cxuo/8HUoSxVhQHM7zF7mWWLhXLEQ52ivL+F6q5dpXu4aTFedpMfnJa8JtkWwG9x1Axj0Ypy2ok8v5unpQGWych1vwdvj6ez1Dm8Xg1+qIzXILiEXAMPLETOKEN/vQGqu8H+nxp3kabcrtOvTFTvxX6vsc8OGwUfHhzAfYGEXAMPLETOKEN/L6v1yMM3B1OwFOrQBno1HEjf1oNI8RnQiMNFdUOtwYj7HUZIOCZmjfN8PPHq77N7GJl9lzvIZKQA0Owcjg+mc78zHCj8y0siY8C96paEXAMPLETOKEN/E3cpksxWdgs91HRzJWScjN2+r2LTGjYhyPqcmFzzo2mCE7mBNEXAMPLETOKEN/oJy+2o83YNW5tOiDmczgDzJZ4UKR84yGYOMfSnF4XcEJrDgAJ3OJFwmTcTQICAlSwLEXAMPLETOKEN",
"aws.cloudtrail.recipient_account_id": "111111111111",
"aws.cloudtrail.request_id": "b96b0e4e-e561-11e9-8b3f-7b396EXAMPLE",
"aws.cloudtrail.request_parameters": "{incomingTransitiveTags={Department=Engineering}, transitiveTagKeys=[Email, CostCenter], durationSeconds=3600, roleArn=arn:aws:iam::111111111111:role/JohnRole2, roleSessionName=Role2WithTags, tags=[{value=johndoe@example.com, key=Email}, {value=12345, key=CostCenter}]}",
"aws.cloudtrail.response_elements": "{assumedRoleUser={assumedRoleId=AROAIFR7WHDTSOYQYHFUE:Role2WithTags, arn=arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags}, credentials={accessKeyId=ASIAWHOJDLGPOEXAMPLE, sessionToken=AgoJb3JpZ2luX2VjEB4aCXVzLXdlc3QtMSJHMEXAMPLETOKEN+//rJb8Lo30mFc5MlhFCEbubZvEj0wHB/mDMwIgSEe9gk/Zjr09tZV7F1HDTMhmEXAMPLETOKEN/iEJ/rkqngII9///////////ARABGgw0MjgzMDc4NjM5NjYiDLZjZFKwP4qxQG5sFCryASO4UPz5qE97wPPH1eLMvs7CgSDBSWfonmRTCfokm2FN1+hWUdQQH6adjbbrVLFL8c3jSsBhQ383AvxpwK5YRuDE1AI/+C+WKFZb701eiv9J5La2EXAMPLETOKEN/c7S5Iro1WUJ0q3Cxuo/8HUoSxVhQHM7zF7mWWLhXLEQ52ivL+F6q5dpXu4aTFedpMfnJa8JtkWwG9x1Axj0Ypy2ok8v5unpQGWych1vwdvj6ez1Dm8Xg1+qIzXILiEXAMPLETOKEN/vQGqu8H+nxp3kabcrtOvTFTvxX6vsc8OGwUfHhzAfYGEXAMPLETOKEN/L6v1yMM3B1OwFOrQBno1HEjf1oNI8RnQiMNFdUOtwYj7HUZIOCZmjfN8PPHq77N7GJl9lzvIZKQA0Owcjg+mc78zHCj8y0siY8C96paEXAMPLETOKEN/E3cpksxWdgs91HRzJWScjN2+r2LTGjYhyPqcmFzzo2mCE7mBNEXAMPLETOKEN/oJy+2o83YNW5tOiDmczgDzJZ4UKR84yGYOMfSnF4XcEJrDgAJ3OJFwmTcTQICAlSwLEXAMPLETOKEN, expiration=Oct 2, 2019 11:12:29 PM}}",
"aws.cloudtrail.user_identity.access_key_id": "AKIAI44QH8DHBEXAMPLE",
Expand Down
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.event_type": "AwsApiCall",
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-5204-4fed-9c60-9c6EXAMPLE",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
"aws.cloudtrail.user_identity.type": "IAMUser",
Expand Down Expand Up @@ -50,6 +51,7 @@
"aws.cloudtrail.event_type": "AwsApiCall",
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-5c16-4eda-9724-EXAMPLE",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
"aws.cloudtrail.user_identity.type": "IAMUser",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
"aws.cloudtrail.flattened.response_elements.accessKey.status": "Active",
"aws.cloudtrail.flattened.response_elements.accessKey.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-823a-48dc-8fa9-EXAMPLE",
"aws.cloudtrail.request_parameters": "{userName=Bob}",
"aws.cloudtrail.response_elements": "{accessKey={accessKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Active, createDate=Jan 8, 2020 8:43:06 PM}}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
Expand Down
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
"aws.cloudtrail.flattened.response_elements.group.groupName": "TEST-GROUP",
"aws.cloudtrail.flattened.response_elements.group.path": "/",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-769d-4a61-b731-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}",
"aws.cloudtrail.response_elements": "{group={path=/, groupName=TEST-GROUP, groupId=EXAMPLE_ID, arn=arn:aws:iam::0123456789012:group/TEST-GROUP, createDate=Jan 9, 2020 1:48:44 AM}}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
Expand Down Expand Up @@ -63,6 +64,7 @@
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.flattened.request_parameters.groupName": "TEST-GROUP",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-c8ae-44dc-8114-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
"aws.cloudtrail.flattened.response_elements.trailARN": "arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail",
"aws.cloudtrail.read_only": false,
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-5149-4cf2-be99-EXAMPLE",
"aws.cloudtrail.request_parameters": "{isMultiRegionTrail=true, s3BucketName=TEST-cloudtrail-bucket, name=TEST-trail, enableLogFileValidation=true, kmsKeyId=, isOrganizationTrail=false, includeGlobalServiceEvents=true}",
"aws.cloudtrail.response_elements": "{logFileValidationEnabled=true, isMultiRegionTrail=true, s3BucketName=TEST-cloudtrail-bucket, name=TEST-trail, trailARN=arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail, isOrganizationTrail=false, includeGlobalServiceEvents=true}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
"aws.cloudtrail.flattened.request_parameters.virtualMFADeviceName": "Alice",
"aws.cloudtrail.flattened.response_elements.virtualMFADevice.serialNumber": "arn:aws:iam::0123456789012:mfa/Alice",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-303b-4b0e-a8c7-EXAMPLE",
"aws.cloudtrail.request_parameters": "{path=/, virtualMFADeviceName=Alice}",
"aws.cloudtrail.response_elements": "{virtualMFADevice={serialNumber=arn:aws:iam::0123456789012:mfa/Alice}}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.serialNumber": "arn:aws:iam::0123456789012:mfa/Alice",
"aws.cloudtrail.flattened.request_parameters.userName": "Alice",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-801a-4624-8fa0-EXAMPLE",
"aws.cloudtrail.request_parameters": "{serialNumber=arn:aws:iam::0123456789012:mfa/Alice, userName=Alice}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.accessKeyId": "EXAMPLE_ID",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-3bea-41fa-a0b4-EXAMPLE",
"aws.cloudtrail.request_parameters": "{accessKeyId=EXAMPLE_ID, userName=Bob}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
"aws.cloudtrail.event_version": "1.04",
"aws.cloudtrail.flattened.request_parameters.bucketName": "my-test-bucket-cross-account",
"aws.cloudtrail.recipient_account_id": "777788889999",
"aws.cloudtrail.request_id": "EXAMPLE463D56D4C",
"aws.cloudtrail.request_parameters": "{bucketName=my-test-bucket-cross-account}",
"aws.cloudtrail.user_identity.access_key_id": "AKIAQRSTUVWXYZEXAMPLE",
"aws.cloudtrail.user_identity.arn": "arn:aws:sts::777788889999:assumed-role/AssumeNothing/devdsk",
Expand Down
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.flattened.request_parameters.groupName": "TEST-GROUP",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-66cb-4775-a203-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down Expand Up @@ -56,6 +57,7 @@
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.flattened.request_parameters.groupName": "TEST-GROUP",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-2a3c-4a94-b24f-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.sSHPublicKeyId": "EXAMPLE_KEY_ID",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-7b34-44ae-a22f-EXAMPLE",
"aws.cloudtrail.request_parameters": "{sSHPublicKeyId=EXAMPLE_KEY_ID, userName=Bob}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.name": "arn:aws:cloudtrail:us-west-2:0123456789012:trail/test-trail",
"aws.cloudtrail.read_only": false,
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-d44f-4a2a-966f-EXAMPLE",
"aws.cloudtrail.request_parameters": "{name=arn:aws:cloudtrail:us-west-2:0123456789012:trail/test-trail}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "123456789012",
"aws.cloudtrail.request_id": "0e794d53-cdb5-4f7d-b7db-5EXAMPLE",
"aws.cloudtrail.request_parameters": "{userName=Bob}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.flattened.request_parameters.serialNumber": "arn:aws:iam::0123456789012:mfa/Alice",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-af91-4d1a-aaf2-EXAMPLE",
"aws.cloudtrail.request_parameters": "{serialNumber=arn:aws:iam::0123456789012:mfa/Alice}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions ...lebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
"aws.cloudtrail.management_event": true,
"aws.cloudtrail.read_only": true,
"aws.cloudtrail.recipient_account_id": "REDACTED",
"aws.cloudtrail.request_id": "REDACTED",
"aws.cloudtrail.user_identity.access_key_id": "REDACTED",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::REDACTED:user/REDACTED",
"aws.cloudtrail.user_identity.session_context.mfa_authenticated": "true",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.serialNumber": "arn:aws:iam::0123456789012:mfa/Bob",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-adea-490a-a806-EXAMPLE",
"aws.cloudtrail.request_parameters": "{serialNumber=arn:aws:iam::0123456789012:mfa/Bob, userName=Bob}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.groupName": "Admin",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-0bf0-47be-bc80-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=Admin, userName=Bob}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.name": "TEST-trail",
"aws.cloudtrail.read_only": false,
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-1c30-4f43-9763-EXAMPLE",
"aws.cloudtrail.request_parameters": "{name=TEST-trail}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.name": "arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail",
"aws.cloudtrail.read_only": false,
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-869f-4fec-86f9-EXAMPLE",
"aws.cloudtrail.request_parameters": "{name=arn:aws:cloudtrail:us-west-2:0123456789012:trail/TEST-trail}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
"aws.cloudtrail.flattened.request_parameters.status": "Inactive",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-7d0c-45f4-b25b-EXAMPLE",
"aws.cloudtrail.request_parameters": "{accessKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Inactive}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions .../filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
"aws.cloudtrail.flattened.request_parameters.requireSymbols": true,
"aws.cloudtrail.flattened.request_parameters.requireUppercaseCharacters": true,
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-5ebf-4bc3-a349-EXAMPLE",
"aws.cloudtrail.request_parameters": "{minimumPasswordLength=12, requireSymbols=true, allowUsersToChangePassword=true, requireLowercaseCharacters=true, requireNumbers=true, requireUppercaseCharacters=true}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"aws.cloudtrail.flattened.request_parameters.groupName": "TEST-GROUP",
"aws.cloudtrail.flattened.request_parameters.newGroupName": "TEST-GROUP2",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-c22d-4fca-b40a-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP, newGroupName=TEST-GROUP2}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down Expand Up @@ -56,6 +57,7 @@
"aws.cloudtrail.flattened.request_parameters.groupName": "TEST-GROUP2",
"aws.cloudtrail.flattened.request_parameters.newGroupName": "TEST-GROUP",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-f673-4ce7-8529-EXAMPLE",
"aws.cloudtrail.request_parameters": "{groupName=TEST-GROUP2, newGroupName=TEST-GROUP}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
1 change: 1 addition & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
"aws.cloudtrail.event_version": "1.05",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-0dc6-447a-8859-EXAMPLE",
"aws.cloudtrail.request_parameters": "{userName=Bob}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
"aws.cloudtrail.flattened.request_parameters.status": "Inactive",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-32f3-4a92-82e1-EXAMPLE",
"aws.cloudtrail.request_parameters": "{sSHPublicKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Inactive}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down Expand Up @@ -59,6 +60,7 @@
"aws.cloudtrail.flattened.request_parameters.status": "Inactive",
"aws.cloudtrail.flattened.request_parameters.userName": "Bob",
"aws.cloudtrail.recipient_account_id": "0123456789012",
"aws.cloudtrail.request_id": "EXAMPLE-32f3-4a92-82e1-EXAMPLE",
"aws.cloudtrail.request_parameters": "{sSHPublicKeyId=EXAMPLE_KEY_ID, userName=Bob, status=Inactive}",
"aws.cloudtrail.user_identity.access_key_id": "EXAMPLE_KEY_ID",
"aws.cloudtrail.user_identity.arn": "arn:aws:iam::0123456789012:user/Alice",
Expand Down
Loading

0 comments on commit a6c07c5

Please sign in to comment.