Amazon AWS CloudTrail Sample Event Message
Use these sample event messages to verify a successful integration with JSA.
Note:
Because of page formatting, the sample messages are wrapped across several lines. Paste a message into a text editor and then remove any carriage return or line feed characters.
Amazon AWS CloudTrail sample message when you use the Amazon REST API protocol
The following sample event message shows that the specified managed policy is attached to the specified user.
{"eventVersion":"1.05","userIdentity":
{"type":"Root","principalId":"555555555555","arn":"arn:aws:iam::555555555555:root","accountId":"
555555555555","accessKeyId":"AAAAAA1AAAAA1A1AAA11","sessionContext":{"attributes":
{"mfaAuthenticated":"false","creationDate":"2019-06-11T16:43:07Z"}},"invokedBy":"signin.qradar.e
xample.test"},"eventTime":"2019-06-11T16:54:03Z","eventSource":"iam.qradar.example.test","eventN
ame":"AttachUserPolicy","awsRegion":"useast-
1","sourceIPAddress":"172.16.89.242","userAgent":"signin.qradar.example.test","requestParam
eters":{"userName":"sampleuser","policyArn":"arn:aws:iam::aws:policy/
AmazonEC2ContainerRegistryFullAccess"},"responseElements":null,"requestID":"849df62f-8c69-11e9-
bb3cabc750f0b415","
eventID":"bdcc7610-7f82-4cde-9f6e-1c3cb1927353","eventType":"AwsApiCall","recipie
ntAccountId":"555555555555"}
Amazon AWS CloudTrail sample message when you use the Amazon Web Services protocol
The following sample event message describes trails.
{LogStreamName: 111111111111_CloudTrail_us-east-2,Timestamp: 1505744407363,Message:
{"eventVersion":"1.05","userIdentity":
{"type":"IAMUser","principalId":"AAAAAAAAAAAAAAAAAAAAA","arn":"arn:aws:iam::111111111111:user/
Test-User","accountId":"111111111111","accessKeyId":"AAAAA1A1AA1AA1111AAA","userName":"Test-
User","sessionContext":{"attributes":
{"mfaAuthenticated":"false","creationDate":"2017-09-18T13:22:10Z"}},"invokedBy":"sub.domain.test
"},"eventTime":"2017-09-18T14:10:15Z","eventSource":"sub2.domain.test","eventName":"DescribeTrai
ls","awsRegion":"useast-
1","sourceIPAddress":"192.168.10.187","userAgent":"sub.domain.test","requestParameters":
{"includeShadowTrails":false,"trailNameList":
[]},"responseElements":null,"requestID":"17b7a04c-9c7b-11e7-9d83-43d5bce2d2fc","eventID":"a4914e
00-65e5-491d-b1c6-
a0dd3845b302","eventType":"AwsApiCall","recipientAccountId":"111111111111"},IngestionTime:
1505744407506,EventId: 33579222362714760922479126672120053866513932467844153344}
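The following added example (not part of the original page or of JSA) removes the line breaks as the note instructs and then separates the CloudTrail JSON from the LogStreamName/Timestamp/IngestionTime/EventId envelope of the Amazon Web Services protocol format, so a sample can be checked before it is sent to JSA. The function names are hypothetical, and the input is a shortened, constructed copy of the second sample.

```python
import json
import re

# Constructed input: shortened copy of the wrapped sample above, line breaks kept.
WRAPPED_SAMPLE = """{LogStreamName: 111111111111_CloudTrail_us-east-2,Timestamp: 1505744407363,Message:
{"eventVersion":"1.05","userIdentity":
{"type":"IAMUser","arn":"arn:aws:iam::111111111111:user/
Test-User","sessionContext":{"attributes":
{"mfaAuthenticated":"false"}}},"eventName":"DescribeTrai
ls","requestParameters":
{"includeShadowTrails":false,"trailNameList":
[]},"eventType":"AwsApiCall"},IngestionTime:
1505744407506,EventId: 33579222362714760922479126672120053866513932467844153344}"""


def join_lines(text):
    """Remove carriage return and line feed characters, as the note instructs."""
    return text.replace("\r", "").replace("\n", "")


def parse_sample(text):
    """Return (envelope, event); envelope is {} for a bare REST API protocol message."""
    flat = join_lines(text).strip()
    if not flat.startswith("{LogStreamName:"):
        return {}, json.loads(flat)  # REST API protocol: the message is plain JSON
    marker = "Message:"
    start = flat.index("{", flat.index(marker))
    # raw_decode stops at the end of the embedded JSON object, which leaves
    # the trailing envelope fields (IngestionTime, EventId) in the tail.
    event, end = json.JSONDecoder().raw_decode(flat, start)
    head, tail = flat[1:flat.index(marker)], flat[end:-1]
    envelope = dict(re.findall(r"(\w+):\s*([^,]+)", head + tail))
    return envelope, event


if __name__ == "__main__":
    envelope, event = parse_sample(WRAPPED_SAMPLE)
    identity = event["userIdentity"]
    print(envelope["LogStreamName"], event["eventName"], identity["arn"],
          "mfa=" + identity["sessionContext"]["attributes"]["mfaAuthenticated"])
```

A json.JSONDecodeError from parse_sample means the pasted text is still not one valid message, for example because a character was lost inside a value when the lines were joined.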