-
Notifications
You must be signed in to change notification settings - Fork 383
/
Copy pathaws_cloudtrail_updateaccountpasswordpolicy.yml
107 lines (107 loc) · 2.83 KB
/
aws_cloudtrail_updateaccountpasswordpolicy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: AWS CloudTrail UpdateAccountPasswordPolicy
id: 35a8cc97-3600-40e1-a5d1-1c2ad5060be0
version: 1
date: '2024-07-18'
author: Patrick Bareiss, Splunk
description: Data source object for AWS CloudTrail UpdateAccountPasswordPolicy
source: aws_cloudtrail
sourcetype: aws:cloudtrail
separator: eventName
supported_TA:
- name: Splunk Add-on for AWS
url: https://splunkbase.splunk.com/app/1876
version: 7.9.0
fields:
- _time
- action
- app
- awsRegion
- aws_account_id
- change_type
- command
- date_hour
- date_mday
- date_minute
- date_month
- date_second
- date_wday
- date_year
- date_zone
- dest
- dvc
- errorCode
- eventCategory
- eventID
- eventName
- eventSource
- eventTime
- eventType
- eventVersion
- eventtype
- host
- index
- linecount
- managementEvent
- msg
- object_category
- product
- punct
- readOnly
- recipientAccountId
- region
- requestID
- requestParameters.allowUsersToChangePassword
- requestParameters.hardExpiry
- requestParameters.minimumPasswordLength
- requestParameters.requireLowercaseCharacters
- requestParameters.requireNumbers
- requestParameters.requireSymbols
- requestParameters.requireUppercaseCharacters
- responseElements
- sessionCredentialFromConsole
- signature
- source
- sourceIPAddress
- sourcetype
- splunk_server
- src
- src_ip
- start_time
- status
- tag
- tag::eventtype
- timeendpos
- timestartpos
- user
- userAgent
- userIdentity.accessKeyId
- userIdentity.accountId
- userIdentity.arn
- userIdentity.principalId
- userIdentity.sessionContext.attributes.creationDate
- userIdentity.sessionContext.attributes.mfaAuthenticated
- userIdentity.type
- userName
- user_access_key
- user_agent
- user_arn
- user_group_id
- user_id
- user_name
- user_type
- vendor
- vendor_account
- vendor_product
- vendor_region
example_log: '{"eventVersion": "1.08", "userIdentity": {"type": "Root", "principalId":
"111111111111", "arn": "arn:aws:iam::111111111111:root", "accountId": "111111111111",
"accessKeyId": "ASIASBMSCQHHZZ4THONS", "sessionContext": {"sessionIssuer": {}, "webIdFederationData":
{}, "attributes": {"creationDate": "2023-01-26T22:10:41Z", "mfaAuthenticated": "false"}}},
"eventTime": "2023-01-26T22:38:59Z", "eventSource": "iam.amazonaws.com", "eventName":
"UpdateAccountPasswordPolicy", "awsRegion": "us-east-1", "sourceIPAddress": "23.93.193.7",
"userAgent": "AWS Internal", "requestParameters": {"minimumPasswordLength": 6, "requireSymbols":
true, "requireNumbers": false, "requireUppercaseCharacters": false, "requireLowercaseCharacters":
false, "allowUsersToChangePassword": false, "hardExpiry": false}, "responseElements":
null, "requestID": "7685efa9-5c56-451a-bd25-3db520108589", "eventID": "ccc1d5c2-dd72-4798-8023-ed5a4205f2d5",
"readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId":
"111111111111", "eventCategory": "Management", "sessionCredentialFromConsole": "true"}'