| Field Name | Type | General Field | Description | Example | Products |
| --- | --- | --- | --- | --- | --- |
| additionalEventData | None | - | The additional data about the event that was not part of the request or response | {"SignatureVersion":"SigV4","CipherSuite":"ECDHE-RSA-AES128-GCM-SHA256"} | Trend Cloud One - AWS CloudTrail |
| apiVersion | None | - | The API version associated with the AwsApiCall eventType value | 2012-08-10 | Trend Cloud One - AWS CloudTrail |
| awsRegion | None | - | AWS region that the request was made to | us-east-1; us-east-2; us-west-1 | Trend Cloud One - AWS CloudTrail |
| errorCode | None | - | The AWS service error code | ThrottlingException; InvalidParameterValueException; NoSuchLifecycleConfiguration | Trend Cloud One - AWS CloudTrail |
| errorMessage | None | - | The error description | The specified bucket does not have a website configuration; An unknown error occurred; The lifecycle configuration does not exist | Trend Cloud One - AWS CloudTrail |
| eventCase | None | - | The AWS service that the request was made to | workspaces.amazonaws.com; sts.amazonaws.com; kms.amazonaws.com | Security Analytics Engine |
| eventCategory | None | - | The event category used in LookupEvents calls | Management; Data; Insight | Trend Cloud One - AWS CloudTrail |
| eventID | None | - | The GUID generated by AWS CloudTrail to identify events | 11111111-1111-1111-1111-111111111111 | Trend Cloud One - AWS CloudTrail |
| eventName | None | - | The name of the log event | PutObject; GetObject; DescribeTable | Trend Cloud One - AWS CloudTrail |
| eventSource | None | - | The AWS service the request was made to | s3.amazonaws.com; dynamodb.amazonaws.com; xray.amazonaws.com | Trend Cloud One - AWS CloudTrail |
| eventSubId | None | - | The access type | PutObject; GetObject; DescribeTable | Security Analytics Engine |
| eventTime | None | - | The time the agent or product detected the event | 2022-07-06T22:28:06Z | Trend Cloud One - AWS CloudTrail |
| eventType | None | - | The type of event that generated the event record | AwsApiCall; AwsServiceEvent; AwsConsoleAction | Trend Cloud One - AWS CloudTrail |
| eventVersion | None | - | The log event format version | 1.08 | Trend Cloud One - AWS CloudTrail |
| filterRiskLevel | None | - | The top-level risk level of the event | info; low; medium | Security Analytics Engine |
| groupId | None | - | The group ID for the management scope filter | 11111111-1111-1111-1111-111111111111 | Security Analytics Engine |
| logReceivedTime | None | - | The time when the XDR log was received | 1656324260000 | Security Analytics Engine |
| policyTreePath | None | - | The policy tree path (endpoint only) | policyname1/policyname2/policyname3 | Security Analytics Engine |
| productCode | None | - | The internal product code | sct | Security Analytics Engine |
| readOnly | None | - | Whether the operation is read-only | true; false | Trend Cloud One - AWS CloudTrail |
| recipientAccountId | None | - | The Account ID that received the event | 123456789012 | Trend Cloud One - AWS CloudTrail |
| requestID | None | - | The request ID | 11111111-1111-1111-1111-111111111111 | Trend Cloud One - AWS CloudTrail |
| requestParameters | None | - | The parameters, if any, that were sent with the request | {"durationSeconds": 3600, "roleSessionName":"BackplaneAssumeRoleSession"} | Trend Cloud One - AWS CloudTrail |
| resources | None | - | The list of resources accessed in the event | [{"type":"AWS::S3::Object","ARN":"arn:aws:s3:::your-bucket/file.txt"}] | Trend Cloud One - AWS CloudTrail |
| responseElements | None | - | The response elements for actions that made changes (create, update, or delete actions) | {"user":{"createDate":"Mar 24, 2014 9:11:59 PM","userName":"Bob","arn":"arn:aws:iam::123456789012:user/Bob","path":"/","userId":"EXAMPLEUSERID"}} | Trend Cloud One - AWS CloudTrail |
| serviceEventDetails | None | - | The service event details | {"lifecycleEventPolicy":{"policyVersion":1,"policyId":"11111111-1111-1111-1111-111111111111"}} | Trend Cloud One - AWS CloudTrail |
| sharedEventID | None | - | The GUID generated by AWS CloudTrail to uniquely identify CloudTrail events | 11111111-1111-1111-1111-111111111111 | Trend Cloud One - AWS CloudTrail |
| sourceIPAddress | None | IPv4; IPv6 | The IP address the request was made from (for service console: the customer resource, for AWS services: the DNS name) | 10.10.10.10; apigateway.amazonaws.com; config.amazonaws.com | Trend Cloud One - AWS CloudTrail |
| tags | None | - | The detected technique ID based on the alert filter | MITREV9.T1090; MITRE.T1059; MITREV9.T1059.001 | Security Analytics Engine |
| userAgent | None | CLICommand | The user agent or the agent through which the request was made | signin.amazonaws.com; console.amazonaws.com; aws-cli/1.3.23 Python/2.7.6 Linux/2.6.18-164.el5 | Trend Cloud One - AWS CloudTrail |
| userIdentity | None | - | The information about the user that made a request | {"type":"AWSService","invokedBy":"apigateway.amazonaws.com"}; {"type":"AWSService","invokedBy":"lambda.amazonaws.com"} | Trend Cloud One - AWS CloudTrail |
| uuid | None | - | The unique key of the log | 11111111-1111-1111-1111-111111111111 | Security Analytics Engine |
| vpcEndpointId | None | - | The VPC endpoint in which requests were made from a VPC to another AWS service | vpce-00000000000000000 | Trend Cloud One - AWS CloudTrail |